Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-12904

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-15 Nov, 2021 | 15:12
Updated At-16 Sep, 2024 | 16:38
Rejected At-
Credits

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:15 Nov, 2021 | 15:12
Updated At:16 Sep, 2024 | 16:38
Rejected At:
▼CVE Numbering Authority (CNA)

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon Software
Versions
Affected
  • From Radeon Software before 20.11.2 (custom)
  • From Radeon Pro Software for Enterprise before 21.Q2 (custom)
Problem Types
TypeCWE IDDescription
textN/ANA
Type: text
CWE ID: N/A
Description: NA
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:15 Nov, 2021 | 16:15
Updated At:18 Nov, 2021 | 03:29

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Advanced Micro Devices, Inc.
amd
>>radeon_software>>Versions before 20.11.2(exclusive)
cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000psirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2404Records found
CVE-2021-29904
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-0776
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:08
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server
CVE-2019-0553
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
CVE-2021-28317
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.62%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Windows Codecs Library Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28318
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-19 Nov, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI+ Information Disclosure Vulnerability

Windows GDI+ Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28309
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 60.06%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28435
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-19 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Information Disclosure Vulnerability

Windows Event Tracing Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-28441
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.62%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909
CVE-2021-28437
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.62%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Information Disclosure Vulnerability

Windows Installer Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2024-26160
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-25.42% / 96.00%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_23h2Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-126
Buffer Over-read
CVE-2021-26400
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.72%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:36
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-cpuAMD Processors
CVE-2021-26407
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.70%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-08 Apr, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.

Action-Not Available
Vendor-AMDAdvanced Micro Devices, Inc.
Product-romepiromepi_firmware2nd Gen EPYC
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2021-26371
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:59
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3250c_firmwareepyc_7552_firmwareryzen_5_5600_firmwareamd_3015ceepyc_7663ryzen_7_2700uryzen_threadripper_pro_5995wx_firmwareepyc_73f3_firmwareepyc_7402pepyc_74f3_firmwareepyc_73f3epyc_7252ryzen_7_3800xt_firmwareryzen_5_3500uryzen_7_3700uryzen_5_2500u_firmwareepyc_7352ryzen_3_3100_firmwareryzen_3_3250u_firmwareryzen_7_2800hepyc_7473xepyc_7501_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_threadripper_pro_5995wxryzen_9_3900xt_firmwareryzen_5_3450uryzen_9_5900x_firmwareryzen_5_3500epyc_7502epyc_7452ryzen_5_2400g_firmwareepyc_7002epyc_74f3epyc_7713pepyc_7251epyc_7551_firmwareryzen_5_3580u_firmwareryzen_7_3700c_firmwareepyc_7543ryzen_threadripper_3990xryzen_threadripper_pro_5955wxryzen_3_3250uepyc_7003epyc_7251_firmwareepyc_7351pryzen_9_5950xryzen_7_3700x_firmwareryzen_7_3800x_firmwareryzen_3_2200ge_firmwareryzen_7_2700u_firmwareryzen_5_2400geepyc_7373xepyc_7542_firmwareryzen_3_pro_2100geepyc_7373x_firmwareryzen_threadripper_pro_5975wx_firmwareepyc_72f3_firmwareepyc_7451_firmwareepyc_7773xepyc_7413epyc_7702p_firmwareryzen_5_5600x_firmwareepyc_7551ryzen_3_3350u_firmwareryzen_5_3550h_firmwareryzen_7_3700u_firmwareryzen_5_3550hepyc_7642_firmwareryzen_7_5800x3d_firmwareepyc_7262_firmwareepyc_7343ryzen_9_3950xepyc_7542epyc_7642ryzen_7_3780u_firmwareepyc_7272_firmwareepyc_7501ryzen_3_2200g_firmwareepyc_7401_firmwareryzen_5_5600ryzen_5_2400ge_firmwareepyc_7742epyc_72f3ryzen_threadripper_pro_5965wxryzen_threadripper_3990x_firmwareepyc_7601_firmwareepyc_7302pepyc_7763epyc_7413_firmwareepyc_7502_firmwareepyc_7313ryzen_3_3300xepyc_7443epyc_7302p_firmwareryzen_5_3580uepyc_7281epyc_7502p_firmwareepyc_7702pepyc_7001_firmwareryzen_3_2200geepyc_75f3ryzen_5_3500cryzen_threadripper_pro_5945wx_firmwareepyc_7313_firmwareryzen_threadripper_3970x_firmwareryzen_5_3500c_firmwareryzen_5_3600ryzen_3_pro_2100ge_firmwareryzen_9_5950x_firmwareepyc_7662_firmwareepyc_7f72ryzen_5_3600xryzen_3_2200uryzen_3_2300u_firmwareryzen_7_5700x_firmwareryzen_9_3900_firmwareepyc_7301_firmwareepyc_7451epyc_7282_firmwareepyc_7742_firmwareepyc_7371epyc_7532epyc_7313p_firmwareepyc_7262epyc_7h12ryzen_7_3750hepyc_7453ryzen_7_5800xepyc_7543_firmwareepyc_7552ryzen_3_2300uryzen_9_3900xryzen_5_5600xepyc_7351ryzen_5_3600xt_firmwareepyc_7302epyc_7f32_firmwareepyc_7573x_firmwareryzen_threadripper_pro_3995wx_firmwareepyc_7662ryzen_5_3500_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7f52_firmwareryzen_9_3900xtepyc_7003_firmwareryzen_7_3700xryzen_threadripper_3960xepyc_7001ryzen_7_3800xtepyc_7513ryzen_5_2600h_firmwareryzen_5_3600x_firmwareryzen_3_2200gepyc_7402p_firmwareryzen_7_5800_firmwareepyc_7402epyc_7643epyc_7232p_firmwareepyc_7261ryzen_5_2500uryzen_3_3300uryzen_threadripper_3970xryzen_7_5800x3dryzen_9_5900_firmwareryzen_threadripper_pro_3955wxamd_3015ce_firmwareepyc_7702epyc_7h12_firmwareepyc_7452_firmwareryzen_threadripper_pro_5945wxepyc_7401pepyc_7543p_firmwareryzen_9_3900x_firmwareepyc_7272epyc_7513_firmwareryzen_5_3500xryzen_3_3300x_firmwareryzen_threadripper_pro_3945wxryzen_threadripper_3960x_firmwareryzen_3_3100epyc_7443pryzen_7_3700cryzen_7_3780uepyc_7f72_firmwareepyc_7301ryzen_3_3300u_firmwareryzen_5_3600xtepyc_7401epyc_7f52epyc_7f32epyc_7261_firmwareepyc_7402_firmwareepyc_7351_firmwareryzen_7_5700xepyc_75f3_firmwareryzen_5_3450u_firmwareamd_3015eryzen_5_3600_firmwareepyc_7443_firmwareepyc_7763_firmwareepyc_7401p_firmwareepyc_7252_firmwareryzen_5_2600hepyc_7643_firmwareepyc_7473x_firmwareepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7351p_firmwareepyc_7551pryzen_3_3350uryzen_9_3900ryzen_5_5500_firmwareepyc_7543pryzen_9_3950x_firmwareryzen_3_2200u_firmwareryzen_9_5900ryzen_threadripper_pro_3955wx_firmwareryzen_3_3200u_firmwareryzen_5_3500x_firmwareryzen_threadripper_pro_3975wxryzen_threadripper_pro_3975wx_firmwareepyc_7551p_firmwareepyc_7663_firmwareepyc_7352_firmwareamd_3015e_firmwareryzen_7_2800h_firmwareryzen_threadripper_pro_3995wxryzen_7_5800epyc_7713_firmwareepyc_7371_firmwareepyc_7713epyc_7281_firmwareryzen_7_3750h_firmwareryzen_7_3800xepyc_7313pryzen_threadripper_pro_5975wxepyc_7773x_firmwareepyc_7573xepyc_7502pryzen_5_2400gepyc_7282ryzen_9_5900xryzen_5_3500u_firmwareryzen_5_5500epyc_7443p_firmwareepyc_7343_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3250cryzen_3_3200uepyc_7601epyc_7002_firmwareryzen_7_5800x_firmwareryzen_threadripper_pro_5955wx_firmwareRyzen™ 3000 Series Desktop Processors “Matisse” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP51st Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP3rd Gen AMD EPYC™ ProcessorsRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ Threadripper™ PRO Processors “Chagall” WSAMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM43rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”
CVE-2021-26361
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 17:46
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-athlon_3150geryzen_5_5600hathlon_3150g_firmwareryzen_3_5425cryzen_3_5425u_firmwareathlon_3050geryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_2300u_firmwareryzen_7_5800hsryzen_5_5600xryzen_9_5900hx_firmwareryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_5_5700geryzen_7_5825u_firmwareryzen_3_5125cryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_5_5560uryzen_5_5600u_firmwareryzen_5_2500u_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_5_5700g_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_5_5625c_firmwareryzen_3_5425uryzen_5_2600hryzen_5_5625cryzen_5_5700ge_firmwareryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_7_2700uryzen_3_5400uradeon_softwareryzen_7_5825cryzen_5_2600h_firmwareryzen_7_5800uryzen_7_2800hathlon_3150gryzen_9_5900hxryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_5_5600hs_firmwareryzen_3_5425c_firmwareryzen_7_2700_firmwareathlon_3150ge_firmwareryzen_5_5600h_firmwareryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareathlon_3050ge_firmwareAthlon™ SeriesRyzen™ Series
CVE-2021-26404
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.61%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-08 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7313epyc_7443_firmwareepyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7573xepyc_7713pepyc_7443epyc_74f3_firmwareepyc_7513epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7513_firmwareepyc_7543p_firmwareepyc_7773xepyc_7003epyc_7413_firmwareepyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_7373x_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26417
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.46%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-19 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Information Disclosure Vulnerability

Windows Overlay Filter Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-26342
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:21
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7371_firmwareepyc_7343epyc_7261epyc_7543_firmwareepyc_7451epyc_7763_firmwareepyc_7551_firmwareepyc_7713pepyc_7573xepyc_7443epyc_7513epyc_7313p_firmwareepyc_7351p_firmwareepyc_7453epyc_7373xepyc_7513_firmwareepyc_7543p_firmwareepyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7601epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7371epyc_7001epyc_75f3_firmwareepyc_7473xepyc_7001_firmwareepyc_7451_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_7281epyc_7551epyc_7413epyc_7301epyc_7551pepyc_7401p_firmwareepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7573x_firmwareepyc_7251epyc_7351_firmwareepyc_74f3_firmwareepyc_7763epyc_7713_firmwareepyc_7401epyc_7713p_firmwareepyc_73f3_firmwareepyc_7713epyc_7443p_firmwareepyc_7773xepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7453_firmwareepyc_7501epyc_7501_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3EPYC™ Processors
CVE-2024-26177
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-26312
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.01%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:55
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-27093
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.40%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26343
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7313pepyc_7543epyc_7573xepyc_7663_firmwareepyc_7543p_firmwareepyc_7313_firmwareepyc_7313epyc_7413_firmwareepyc_7543pepyc_7643epyc_74f3epyc_7543_firmwareepyc_7443epyc_75f3epyc_7453epyc_7513epyc_7763_firmwareepyc_7343epyc_7773x_firmwareepyc_73f3_firmwareepyc_7713p_firmwareepyc_7713pepyc_7373xepyc_7443pepyc_7453_firmwareepyc_7773xepyc_7513_firmwareepyc_7713_firmwareepyc_72f3_firmwareepyc_7743epyc_7573x_firmwareepyc_7443p_firmwareepyc_73f3epyc_7763epyc_7313p_firmwareepyc_7743_firmwareepyc_7373x_firmwareepyc_7643_firmwareepyc_72f3epyc_74f3_firmwareepyc_75f3_firmwareepyc_7003_firmwareepyc_7713epyc_7343_firmwareepyc_7003epyc_7443_firmwareepyc_7413epyc_76633rd Gen EPYC
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-26314
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative execution with Floating-Point Value Injection

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationFedora ProjectBroadcom Inc.Arm Limited
Product-core_i7-7700kryzen_5_5600xxeon_silver_4214fedoracore_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-26341
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.03%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareathlon_x4_870k_firmwareathlon_silver_3050u_firmwareepyc_7451epyc_7282_firmwareepyc_7261epyc_7f32epyc_7551_firmwareepyc_7272_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_3_pro_3300uryzen_9_3900xryzen_5_pro_3500uathlon_x4_880k_firmwareryzen_7_4700geryzen_5_2500ua9-9410_firmwareathlon_x4_940_firmwareryzen_9_5980hxepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareepyc_7232p_firmwarea9-9420_firmwareryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_5600hsathlon_x4_830_firmwareryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareepyc_7542ryzen_7_4700gryzen_5_3400gepyc_7281_firmwareepyc_7h12_firmwareryzen_threadripper_2950xathlon_x4_760kepyc_7f52ryzen_threadripper_pro_5945wxryzen_7_pro_3700u_firmwareathlon_gold_3450g_firmwareryzen_5_2500u_firmwareryzen_3_4300g_firmwareryzen_3_3100athlon_silver_3050geepyc_7f32_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502a12-9730pryzen_3_2200u_firmwareathlon_x4_840_firmwareryzen_9_5900hsryzen_3_2200uepyc_7551epyc_7281epyc_7551pryzen_9_4900hsathlon_silver_3050ge_firmwareryzen_threadripper_2920xathlon_x4_970a10-9630pryzen_9_5980hsepyc_7551p_firmwareathlon_x4_950_firmwareepyc_7601_firmwareryzen_5_2600ryzen_7_2700x_firmwareryzen_7_2700ryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_7_5800h_firmwareepyc_7352ryzen_5_2600hathlon_x4_750epyc_7401ryzen_5_pro_2500uepyc_7742ryzen_7_2700uepyc_7272ryzen_3_5400ua10-9600pryzen_9_4900hs_firmwareryzen_5_4600geryzen_7_2800hathlon_gold_3150geryzen_7_4800h_firmwareryzen_5_2600x_firmwareryzen_9_5980hs_firmwareryzen_7_3700x_firmwareryzen_5_5600hs_firmwareryzen_7_2700_firmwareathlon_x4_835_firmwareryzen_5_3400g_firmwareepyc_7261_firmwareathlon_gold_3150uryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_4300geryzen_3_5400u_firmwareryzen_5_2600_firmwareepyc_7742_firmwareryzen_7_3800xa6-9220c_firmwareepyc_7501_firmwarea12-9730p_firmwareepyc_7501athlon_x4_970_firmwareryzen_3_pro_2300u_firmwareathlon_x4_870kepyc_7301_firmwareryzen_5_3600_firmwareryzen_5_4600hryzen_threadripper_2990wx_firmwareryzen_7_pro_2700uathlon_x4_940athlon_x4_750_firmwareryzen_3_3300x_firmwareryzen_5_5600hepyc_7402pepyc_7252_firmwarea4-9120_firmwareepyc_7542_firmwareryzen_5_pro_2500u_firmwarea6-9210ryzen_threadripper_pro_5945wx_firmwareryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_7_4800hryzen_5_5600uepyc_7502pepyc_7252ryzen_threadripper_pro_5975wxryzen_3_2300u_firmwarea12-9700pepyc_7302p_firmwarea12-9700p_firmwareryzen_7_pro_3700ua9-9420ryzen_9_5900hx_firmwareepyc_7351p_firmwareathlon_x4_840ryzen_threadripper_2970wxepyc_7642_firmwareepyc_7h12epyc_7452a6-9220_firmwareathlon_x4_860k_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareepyc_7401pryzen_3_4300gepyc_7302epyc_7601ryzen_7_3800x_firmwarea6-9220ryzen_7_2800h_firmwareathlon_pro_300uepyc_7232pa10-9600p_firmwareryzen_9_5900hs_firmwareryzen_7_4700g_firmwareryzen_5_5600u_firmwareepyc_7552_firmwareryzen_5_3600xepyc_7371ryzen_5_pro_3500u_firmwareryzen_3_pro_3300u_firmwareepyc_7f72epyc_7662a10-9630p_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareepyc_7642epyc_7451_firmwareryzen_9_3950x_firmwareepyc_7532_firmwareepyc_7502p_firmwareryzen_5_4600h_firmwareathlon_gold_3450gepyc_7301ryzen_7_2700xepyc_7401p_firmwareepyc_7351pryzen_7_4700ge_firmwareryzen_7_5800u_firmwareathlon_pro_300u_firmwareryzen_9_3900x_firmwareepyc_7351_firmwareepyc_7251athlon_x4_830a6-9220cepyc_7552epyc_7702p_firmwareepyc_7302pathlon_silver_3050uryzen_3_5425uathlon_x4_950ryzen_5_4600gepyc_7302_firmwarea6-9210_firmwareathlon_x4_835athlon_x4_845_firmwarea9-9410ryzen_9_5980hx_firmwareepyc_7402_firmwareathlon_x4_760k_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262athlon_x4_845ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_7_5800uryzen_9_5900hxepyc_7251_firmwareepyc_7401_firmwareathlon_gold_3150u_firmwareathlon_x4_860kryzen_7_pro_2700u_firmwarea4-9120epyc_7452_firmwareryzen_threadripper_2990wxryzen_9_3950xryzen_threadripper_3970xryzen_3_4300ge_firmwareepyc_7402p_firmwareepyc_7351ryzen_3_3300gryzen_7_5800hryzen_3_pro_2300uryzen_threadripper_3970x_firmwareathlon_x4_880kryzen_5_3600ryzen_5_4600ge_firmwareryzen_7_5800hs_firmwareepyc_7282athlon_gold_3150ge_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_7532AMD Processors
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2021-26333
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 55.93%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 10:49
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Chipset Driver Information Disclosure Vulnerability

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-chipset_driverpsp_driverPSP Driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2021-26869
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 60.06%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-01 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows ActiveX Installer Service Information Disclosure Vulnerability

Windows ActiveX Installer Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-26393
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.46%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-amd_3020e_firmwareradeon_pro_w5500xryzen_5_3580uradeon_rx_vega_64ryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cradeon_rx_6600amd_3015eradeon_rx_5300ryzen_5_pro_3350ge_firmwareradeon_rx_vega_56ryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_5_5600hsryzen_3_5300geryzen_3_2300uryzen_7_3750h_firmwareradeon_rx_6700sryzen_5_3400gradeon_rx_5700mamd_3020eathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uradeon_rx_6500_xtryzen_3_3250c_firmwareradeon_rx_6950_xtryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_3550hradeon_rx_6700ryzen_7_3780u_firmwareradeon_rx_6400radeon_rx_6800athlon_silver_3050c_firmwareryzen_9_5980hs_firmwareryzen_5_pro_3350gryzen_3_5300gryzen_5_5600ge_firmwareryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareradeon_pro_w6800xradeon_rx_5600_xtryzen_5_5600h_firmwareryzen_5_5500uryzen_3_5400u_firmwareathlon_silver_3050cryzen_3_3300u_firmwareradeon_rx_6600sryzen_5_2400ge_firmwareryzen_5_2400gradeon_rx_6800sryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uradeon_rx_6900_xtryzen_5_5600gryzen_5_3550h_firmwareryzen_5_5600uradeon_pro_w6400athlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uradeon_rx_6850m_xtryzen_3_2200ge_firmwareradeon_rx_6600_xtradeon_rx_6650_xtathlon_pro_3145b_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geryzen_7_5700uradeon_pro_w6600mradeon_pro_w6600xamd_3015ce_firmwareryzen_9_5900hs_firmwareradeon_pro_w6600ryzen_5_5600u_firmwareryzen_3_3200g_firmwareradeon_rx_6800_xtryzen_7_5700g_firmwareradeon_pro_w6900xradeon_rx_5300mradeon_pro_w6800radeon_rx_6600mradeon_pro_w5700xryzen_7_3700c_firmwareradeon_rx_6750_xtryzen_3_5300g_firmwareradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_2200gradeon_rx_6300mamd_3015ceryzen_5_5560u_firmwareryzen_9_5980hx_firmwareradeon_rx_6800mryzen_5_2600h_firmwareryzen_7_5800uradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_9_5900hxradeon_pro_w6800x_duoradeon_rx_6650mradeon_rx_6650m_xtryzen_5_5600g_firmwareradeon_rx_6700_xtathlon_gold_3150cradeon_rx_6700mryzen_3_3250uryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geradeon_rx_5600ryzen_7_5800hradeon_pro_w6500mryzen_5_3450u_firmwareamd_3015e_firmwareryzen_3_3250u_firmwareryzen_5_pro_3400ge_firmwareryzen_5_3500u_firmwareryzen_7_5800hs_firmwareradeon_pro_w6300mradeon_rx_6500mryzen_7_5700ge_firmwareryzen_3_3350uAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen™ Embedded V2000AMD Ryzen™ Embedded V1000AMD Radeon RX 6000 Series & PRO W6000 SeriesAMD Ryzen™ Embedded R2000AMD Ryzen™ Embedded R1000
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-26313
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative Code Store Bypass

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationDebian GNU/LinuxBroadcom Inc.Arm Limited
Product-debian_linuxcore_i7-7700kryzen_5_5600xxeon_silver_4214core_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-26327
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:18
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7313epyc_7443_firmwareepyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_7443epyc_74f3_firmwareepyc_7513epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7513_firmwareepyc_7543p_firmwareepyc_7003epyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2018-8427
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.83% / 87.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_word_vieweroffice_365_proplusofficeexcel_vieweroffice_compatibility_packpowerpoint_viewerwindows_server_2008Microsoft Excel ViewerMicrosoft Office Word ViewerMicrosoft OfficeOfficeMicrosoft PowerPoint ViewerWindows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8419
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.18% / 77.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_8.1windows_rt_8.1windows_7windows_10Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2018-8472
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8454
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.83% / 87.71%
||
7 Day CHG-0.07%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8621
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_server_2008Windows 7Windows Server 2012Windows Server 2008 R2
CVE-2018-8477
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 64.73%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2018-7250
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-10.72% / 93.04%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

Action-Not Available
Vendor-tivon/aMicrosoft Corporation
Product-windows_8windows_vistawindows_8.1windows_7safediscn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6266
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-21377
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:02
Updated-03 May, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Information Disclosure Vulnerability

Windows DNS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-197
Numeric Truncation Error
CVE-2021-24079
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 54.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Backup Engine Information Disclosure Vulnerability

Windows Backup Engine Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2008-4278
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 19.14%
||
7 Day CHG~0.00%
Published-06 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowsvirtualcentervirtual_infrastructure_clientn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-24106
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.48%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DirectX Information Disclosure Vulnerability

Windows DirectX Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2018-4226
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.97%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchosmac_os_xwindowsicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-24084
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.29% / 90.57%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Device Management Information Disclosure Vulnerability

Windows Mobile Device Management Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-4224
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_osapple_tvwatchosmac_os_xwindowsicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3989
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 22:00
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Action-Not Available
Vendor-wibun/aMicrosoft Corporation
Product-windowswibukeyn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-46.74% / 97.58%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-24076
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.48%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows VMSwitch Information Disclosure Vulnerability

Microsoft Windows VMSwitch Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-23827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 23:07
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Action-Not Available
Vendor-keybasen/aRed Hat, Inc.Microsoft CorporationApple Inc.
Product-windowsmacoslinuxkeybasen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-24107
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.46%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:03
Updated-01 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Information Disclosure Vulnerability

Windows Event Tracing Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2024-20694
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.91%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-14 May, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CoreMessaging Information Disclosure Vulnerability

Windows CoreMessaging Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 22H2Windows Server 2019Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1607Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 11 version 22H2
CWE ID-CWE-908
Use of Uninitialized Resource
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2007-5470
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.25% / 78.54%
||
7 Day CHG~0.00%
Published-16 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-expression_median/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-310
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 48
  • 49
  • Next
Details not found