Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-28368

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Nov, 2020 | 18:17
Updated At-04 Aug, 2024 | 16:33
Rejected At-
Credits

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Nov, 2020 | 18:17
Updated At:04 Aug, 2024 | 16:33
Rejected At:
▼CVE Numbering Authority (CNA)

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://xenbits.xen.org/xsa/advisory-351.html
x_refsource_MISC
https://platypusattack.com
x_refsource_MISC
https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
x_refsource_MISC
http://xenbits.xen.org/xsa/advisory-351.html
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/
vendor-advisory
x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2020/11/26/1
mailing-list
x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/
vendor-advisory
x_refsource_FEDORA
https://www.debian.org/security/2020/dsa-4804
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://xenbits.xen.org/xsa/advisory-351.html
Resource:
x_refsource_MISC
Hyperlink: https://platypusattack.com
Resource:
x_refsource_MISC
Hyperlink: https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
Resource:
x_refsource_MISC
Hyperlink: http://xenbits.xen.org/xsa/advisory-351.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2020/11/26/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.debian.org/security/2020/dsa-4804
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://xenbits.xen.org/xsa/advisory-351.html
x_refsource_MISC
x_transferred
https://platypusattack.com
x_refsource_MISC
x_transferred
https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
x_refsource_MISC
x_transferred
http://xenbits.xen.org/xsa/advisory-351.html
x_refsource_CONFIRM
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.openwall.com/lists/oss-security/2020/11/26/1
mailing-list
x_refsource_MLIST
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.debian.org/security/2020/dsa-4804
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://xenbits.xen.org/xsa/advisory-351.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://platypusattack.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://xenbits.xen.org/xsa/advisory-351.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2020/11/26/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.debian.org/security/2020/dsa-4804
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Nov, 2020 | 19:15
Updated At:07 Nov, 2023 | 03:21

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Xen Project
xen
>>xen>>Versions up to 4.14.0(inclusive)
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2020/11/26/1cve@mitre.org
Mailing List
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-351.htmlcve@mitre.org
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/cve@mitre.org
N/A
https://platypusattack.comcve@mitre.org
Third Party Advisory
https://www.debian.org/security/2020/dsa-4804cve@mitre.org
Mailing List
Third Party Advisory
https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/cve@mitre.org
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-351.htmlcve@mitre.org
Patch
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2020/11/26/1
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://xenbits.xen.org/xsa/advisory-351.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://platypusattack.com
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2020/dsa-4804
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://xenbits.xen.org/xsa/advisory-351.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

354Records found

CVE-2021-3505
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 20:22
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoralibtpmslibtpms
CWE ID-CWE-331
Insufficient Entropy
CVE-2012-0842
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 14:53
Updated-06 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

surf: cookie jar has read access from other local user

Action-Not Available
Vendor-sucklesssurfDebian GNU/Linux
Product-debian_linuxsurfsurf
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0961
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-2.1||LOW
EPSS-0.05% / 15.71%
||
7 Day CHG~0.00%
Published-26 Dec, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-advanced_package_toolaptn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.2||LOW
EPSS-0.01% / 0.57%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 17:57
Updated-23 Jul, 2025 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, IncFedora Project
Product-enterprise_linuxlinux_kernelfedoraRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3773
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.22%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 15:47
Updated-23 Jul, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxRed Hat, Inc.Linux Kernel Organization, Inc
Product-debian_linuxlinux_kernelfedoraenterprise_linuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-4915
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.40%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 17:03
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelLinux kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Vim
Product-ubuntu_linuxvimdebian_linuxn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2007-6418
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-18 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-04 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxRed Hat, Inc.openSUSECanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_kerneldebian_linuxopensuseenterprise_linux_workstationenterprise_linux_euslinux_enterprise_desktopenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-5827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 16.14%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 19:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

Action-Not Available
Vendor-iscsitargetn/aDebian GNU/Linux
Product-debian_linuxiscsitargetn/a
CWE ID-CWE-264
Not Available
CVE-2021-3595
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.8||LOW
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Action-Not Available
Vendor-libslirp_projectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-libslirpdebian_linuxfedoraenterprise_linuxQEMU
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-3594
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.8||LOW
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Action-Not Available
Vendor-libslirp_projectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-libslirpdebian_linuxfedoraenterprise_linuxQEMU
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2007-2875
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.09% / 27.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-189
Not Available
CVE-2017-10356
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.71% / 71.31%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2023-23908
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.01% / 1.13%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-xeon_d-2796texeon_d-1627_firmwarexeon_d-2738xeon_platinum_8362xeon_gold_6338xeon_d-2777nxxeon_d-1527xeon_gold_6338t_firmwarexeon_d-2766ntxeon_silver_4309yxeon_platinum_8352yxeon_platinum_8380h_firmwarexeon_d-1746ter_firmwarexeon_platinum_8360hl_firmwarexeon_gold_6354_firmwarexeon_d-2163it_firmwarexeon_gold_6326xeon_d-2776ntxeon_d-1527_firmwarexeon_d-2798ntxeon_d-1733ntxeon_d-1521_firmwarexeon_gold_5317_firmwarexeon_d-1557_firmwarexeon_d-2775te_firmwarexeon_d-2766nt_firmwarexeon_silver_4316xeon_d-1518xeon_gold_5318y_firmwarexeon_d-1714xeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-2143itxeon_gold_6348_firmwarexeon_d-2163itxeon_gold_5318s_firmwarexeon_d-1734nt_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarexeon_d-1567_firmwarexeon_d-1567xeon_d-2777nx_firmwarexeon_platinum_8380hxeon_d-2173it_firmwarexeon_platinum_8368q_firmwarexeon_platinum_8376hxeon_d-1746terxeon_gold_6312u_firmwarexeon_gold_6330xeon_platinum_8362_firmwarexeon_silver_4310t_firmwarexeon_d-1531_firmwarexeon_gold_6314uxeon_d-2123it_firmwarexeon_d-1715terxeon_d-1571xeon_d-1736_firmwarexeon_platinum_8353hxeon_gold_6348hxeon_gold_6338_firmwarexeon_d-2173itxeon_d-2123itxeon_d-2177nt_firmwarexeon_d-1627xeon_d-1533n_firmwarexeon_d-2796ntxeon_silver_4309y_firmwarexeon_gold_5320hxeon_platinum_8358p_firmwarexeon_d-2779xeon_gold_5320xeon_platinum_8360yxeon_d-1602xeon_gold_6330h_firmwarexeon_d-1539xeon_d-1712trxeon_d-2796te_firmwarexeon_gold_6338tfedoraxeon_d-1713ntexeon_d-2752ter_firmwarexeon_gold_5318sxeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntxeon_d-1577_firmwarexeon_platinum_8356h_firmwarexeon_d-2145nt_firmwarexeon_d-1726_firmwarexeon_d-2187ntxeon_d-1732texeon_d-2712txeon_d-1537_firmwarexeon_d-1541_firmwarexeon_platinum_8380hlxeon_gold_5318nxeon_platinum_8358pxeon_d-2166nt_firmwarexeon_d-2166ntxeon_d-2776nt_firmwarexeon_d-1732te_firmwarexeon_d-2712t_firmwarexeon_d-1623n_firmwarexeon_gold_6328h_firmwarexeon_d-1548_firmwarexeon_d-1713nte_firmwarexeon_gold_6328hl_firmwarexeon_gold_6342_firmwarexeon_gold_5317xeon_platinum_8352m_firmwarexeon_d-2183itxeon_platinum_8358_firmwarexeon_d-1622xeon_d-1559_firmwarexeon_platinum_8356hxeon_gold_6348h_firmwarexeon_d-2145ntxeon_platinum_8360y_firmwaremicrocodexeon_d-1529_firmwarexeon_d-1637_firmwarexeon_d-1540_firmwarexeon_gold_5318h_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_gold_5320txeon_gold_6312uxeon_gold_5320h_firmwarexeon_d-2142it_firmwarexeon_d-2143it_firmwarexeon_d-1736xeon_d-1735trxeon_d-1513n_firmwarexeon_d-2795nt_firmwarexeon_d-2752ntexeon_d-1523n_firmwarexeon_silver_4314xeon_d-2753nt_firmwarexeon_gold_5318n_firmwarexeon_platinum_8352y_firmwarexeon_platinum_8358xeon_gold_5315yxeon_platinum_8352s_firmwarexeon_platinum_8354hxeon_silver_4310_firmwarexeon_d-1718txeon_gold_6338n_firmwarexeon_gold_6326_firmwarexeon_d-1523nxeon_platinum_8351n_firmwarexeon_d-2786nte_firmwarexeon_d-2786ntexeon_d-1540xeon_platinum_8368xeon_d-1653nxeon_d-1528xeon_d-1577xeon_d-1637xeon_silver_4310txeon_d-1715ter_firmwarexeon_platinum_8380xeon_d-2141ixeon_d-1541xeon_gold_6314u_firmwaredebian_linuxxeon_d-1543n_firmwarexeon_platinum_8351nxeon_platinum_8376hl_firmwarexeon_d-1633n_firmwarexeon_gold_6330n_firmwarexeon_platinum_8352vxeon_gold_6336yxeon_d-1722ne_firmwarexeon_d-1747ntexeon_d-2757nx_firmwarexeon_d-1653n_firmwarexeon_d-1734ntxeon_d-1735tr_firmwarexeon_d-1747nte_firmwarexeon_d-1553nxeon_d-1571_firmwarexeon_d-1633nxeon_platinum_8360hlxeon_d-1548xeon_d-1649nxeon_d-1529xeon_platinum_8380_firmwarexeon_gold_6330_firmwarexeon_d-1518_firmwarexeon_gold_5320_firmwarexeon_d-2738_firmwarexeon_platinum_8380hl_firmwarexeon_platinum_8360h_firmwarexeon_d-2757nxxeon_d-1713ntxeon_gold_6354xeon_gold_6336y_firmwarexeon_d-1520xeon_d-2752terxeon_platinum_8354h_firmwarexeon_platinum_8352mxeon_d-2799xeon_d-2146nt_firmwarexeon_d-2795ntxeon_gold_6330hxeon_d-1739_firmwarexeon_d-1736ntxeon_gold_5318hxeon_d-1713nt_firmwarexeon_d-1520_firmwarexeon_platinum_8376hlxeon_silver_4316_firmwarexeon_d-2798nt_firmwarexeon_d-1623nxeon_d-1531xeon_d-1533nxeon_d-1722nexeon_gold_6346xeon_d-2142itxeon_d-1718t_firmwarexeon_d-1622_firmwarexeon_gold_6338nxeon_d-2796nt_firmwarexeon_platinum_8360hxeon_d-1702_firmwarexeon_gold_5315y_firmwarexeon_d-1749nt_firmwarexeon_d-2161ixeon_d-2141i_firmwarexeon_gold_6348xeon_gold_6330nxeon_platinum_8368_firmwarexeon_d-2798nxxeon_platinum_8352v_firmwarexeon_d-2745nxxeon_platinum_8368qxeon_gold_5320t_firmwarexeon_d-1748texeon_silver_4310xeon_silver_4314_firmwarexeon_d-1513nxeon_d-1537xeon_gold_6334xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarexeon_d-1739xeon_d-1543nxeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1521xeon_d-1702xeon_gold_6342xeon_d-1749ntxeon_d-1748te_firmwarexeon_platinum_8353h_firmwarexeon_d-1712tr_firmwarexeon_platinum_8376h_firmwarexeon_d-2798nx_firmwarexeon_platinum_8352sxeon_gold_6346_firmwarexeon_gold_5318yxeon_gold_6328hxeon_d-2183it_firmwarexeon_d-2753ntxeon_d-2775texeon_d-1557xeon_gold_6334_firmwarexeon_d-1714_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_gold_6328hlxeon_d-1726xeon_d-2177ntxeon_d-1553n_firmware3rd Generation Intel(R) Xeon(R) Scalable processors
CWE ID-CWE-284
Improper Access Control
CVE-2016-9932
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-26 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-3655
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:48
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-909
Missing Initialization of Resource
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3592
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.8||LOW
EPSS-0.02% / 3.86%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Action-Not Available
Vendor-libslirp_projectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-libslirpdebian_linuxfedoraenterprise_linuxQEMU
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2014-2079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

Action-Not Available
Vendor-x_file_explorer_projectn/aDebian GNU/Linux
Product-debian_linuxx_file_explorern/a
CWE ID-CWE-264
Not Available
CVE-2019-19947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 23:12
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelfas\/aff_baseboard_management_controllercloud_backupsolidfire_\&_hci_management_nodee-series_santricity_os_controlleractive_iq_unified_managersteelstore_cloud_integrated_storagehci_baseboard_management_controllersolidfire_baseboard_management_controlleraff_baseboard_management_controllerdata_availability_servicesn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-34693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 00:00
Updated-04 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2021-3446
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.31%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:45
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoralibtpmslibtpms
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2021-3545
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.05%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 13:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemuQEMU
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2017-0361
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.77%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 16:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
api.log contains passwords in plaintext

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

Action-Not Available
Vendor-Debian GNU/LinuxWikimedia Foundation
Product-debian_linuxmediawikimediawiki
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-10729
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.64%
||
7 Day CHG-0.01%
Published-27 May, 2021 | 18:46
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxansible_engineenterprise_linuxAnsible
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-0549
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.02%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 00:03
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-Intel CorporationDebian GNU/LinuxCanonical Ltd.openSUSEFedora Project
Product-xeon_e3-1501m_firmwarexeon_6126xeon_8276_firmwarepentium_g4500_firmwarexeon_5222xeon_w-3245mceleron_3955u_firmwarexeon_6154_firmwarexeon_5215l_firmwarepentium_4415ycore_i3-6300xeon_8180_firmwarecore_i3-6100e_firmwarecore_i3-8350k_firmwarexeon_5218txeon_e-2124g_firmwarecore_i7-9700kfcore_i7-7640xcore_i5-8305g_firmwarecore_i5-7500_firmwarexeon_5220_firmwarecore_i9-10940xcore_i5-8400hxeon_e-2254me_firmwarecore_i7_8500yceleron_g3940xeon_w-2125xeon_5118_firmwarexeon_6262vcore_i5-7y54xeon_8160txeon_e3-1535m_firmwarexeon_8170_firmwarecore_i3-7007u_firmwarecore_i7-6650u_firmwarecore_i9-9900kfxeon_5215_firmwarepentium_g4400tceleron_g3920t_firmwarexeon_6128_firmwarecore_i7-8670xeon_w-2255core_i3-8145uxeon_6246core_i7_10510ycore_i7-6822eqxeon_8160m_firmwarecore_i9-9940x_firmwarecore_i5-7210u_firmwarecore_i3-7020ucore_i7-6700texeon_e3-1285_firmwarecore_i7-6567u_firmwarexeon_5218_firmwarecore_i9-7920xcore_i7-7600uxeon_6142mcore_i5-9400f_firmwarexeon_e-2224xeon_e-2184g_firmwarecore_i5-7y57_firmwarecore_i3-6100t_firmwarexeon_9222core_i3-7100e_firmwarecore_i3-7100ecore_i9-7940x_firmwarexeon_e3-1275_firmwarecore_i5-6442eq_firmwarecore_i5-6287u_firmwarexeon_e-2134_firmwarexeon_3104xeon_6142fcore_m5-6y54xeon_w-2245core_i5-6600kxeon_6252n_firmwarepentium_g5400_firmwarecore_i3-7120t_firmwareceleron_g3940_firmwarexeon_8260lxeon_6242_firmwarecore_i7-7600u_firmwarepentium_g4520_firmwarecore_i5-8400bxeon_4214xeon_e3-1285pentium_g4420xeon_6152core_i7-7820hkcore_i5-6500te_firmwarexeon_8260_firmwarexeon_4116t_firmwarecore_i9-9940xcore_i5-8550xeon_6134mcore_i5-8400h_firmwarexeon_e-2184gcore_i7-6970hqxeon_6140_firmwarecore_i9-9820x_firmwarecore_i5-7500ucore_i3-6120tcore_i5-8600xeon_6240ypentium_g5420_firmwarexeon_4214yceleron_g3930teceleron_3865u_firmwarecore_i7-9700kxeon_3206r_firmwarecore_i5-9400_firmwarexeon_e3-1225celeron_3865ucore_i7-7740x_firmwarexeon_w-2265core_i3-8100xeon_8156pentium_g4520t_firmwarecore_m7-6y75xeon_w-2245_firmwarexeon_e3-1270_firmwarecore_i5-6600t_firmwareceleron_g4900tcore_m3-6y30fedoraceleron_3855u_firmwarecore_i5-7287u_firmwarecore_i7-7700celeron_g3900te_firmwarexeon_8153_firmwarepentium_g5600_firmwarecore_i7-7820hq_firmwarecore_i3-7102ecore_i7-7920hq_firmwarecore_i5-8600kxeon_4114t_firmwarexeon_e-2124_firmwarecore_i7-8700k_firmwarexeon_5218n_firmwarexeon_w-2223_firmwarecore_i7-8700_firmwarexeon_e3-1220core_i7-8750hceleron_g3900_firmwarecore_i5-8365ucore_i9-9960x_firmwarecore_i5-9600kfcore_i5-8500b_firmwarexeon_4109t_firmwarepentium_4410ycore_i3-7100u_firmwarexeon_8164core_i5-7600core_i3-6100h_firmwarecore_i9-7940xxeon_5118pentium_g5400txeon_w-3265_firmwarecore_i9-9960xxeon_6230n_firmwarecore_i3-7120_firmwarexeon_w-2195core_i7-7820eq_firmwarexeon_5218ncore_i5-8550_firmwarexeon_w-3235_firmwarecore_i3-8300core_i5-7400tcore_i5-7267u_firmwarexeon_e3-1535mpentium_4415y_firmwarexeon_e3-1505m_firmwarexeon_6226_firmwarexeon_e-2174gxeon_5215mcore_i7-8809gxeon_8160fxeon_4214_firmwarecore_i7-8700bcore_i5-8420_firmwarecore_i5-7260uxeon_w-2145_firmwarecore_i3-8000t_firmwarecore_i7_8560u_firmwarecore_i7-7500u_firmwarepentium_g5420tcore_i5-7267uxeon_6130f_firmwarecore_i7-7800xxeon_6146_firmwarexeon_6154xeon_6238_firmwarecore_i3-8020_firmwarexeon_4116xeon_5220r_firmwarecore_i7-7820hk_firmwarecore_i9-9900kf_firmwarecore_i7-6560uxeon_w-2123xeon_w-3275mxeon_e3-1505lpentium_g4420txeon_4112_firmwarecore_i5-8300hcore_i5-8600t_firmwarexeon_6252xeon_8180mxeon_6130txeon_6136xeon_4116_firmwarecore_i5-6600_firmwarexeon_6242xeon_8270_firmwarexeon_5120txeon_8160pentium_g4400_firmwarexeon_8158_firmwarecore_i3-7110u_firmwarexeon_6230t_firmwarecore_i5-7300u_firmwarecore_i5-8600_firmwarecore_i5-9600kf_firmwarecore_i7-7510u_firmwarexeon_e-2224_firmwarecore_i7-9750hfceleron_g4920core_i5-9300h_firmwarexeon_6244xeon_e-2274gcore_i3-6167uxeon_6230nxeon_6252ncore_i5-8400b_firmwarecore_i9-9800x_firmwarexeon_6130_firmwarexeon_9221_firmwarecore_i7-6700t_firmwarecore_i3-8100_firmwarecore_i7-7740xxeon_e3-1240_firmwarecore_i7-6500ucore_i3-7110ucore_i7-6500u_firmwarecore_i3-8120xeon_8276l_firmwareceleron_g3902exeon_e-2124core_i9-9880hxeon_6144_firmwarecore_i5-7287ucore_i5-8500t_firmwaredebian_linuxcore_i3-7100h_firmwarecore_i5-8300h_firmwarexeon_6238t_firmwarexeon_4214cxeon_6238core_i5-6300uxeon_5215r_firmwarecore_i7-8565uxeon_4210_firmwarexeon_5218b_firmwarexeon_6134m_firmwarexeon_6238l_firmwarexeon_4108_firmwarecore_i5-7300hq_firmwarexeon_9282_firmwarexeon_e-2274g_firmwarexeon_e3-1245core_i5-7300hqcore_i7-8706g_firmwarecore_i7-7560uxeon_w-2133_firmwarecore_i5-6600k_firmwarecore_i3-6110u_firmwarexeon_5222_firmwarecore_i5-7400t_firmwarecore_i3-6100hcore_i3-8100t_firmwarecore_i5-6200u_firmwarexeon_6138f_firmwarexeon_8276xeon_6226xeon_w-3265m_firmwarexeon_6148_firmwarexeon_8164_firmwarecore_i7-8850h_firmwarecore_m7-6y75_firmwarecore_i7-6700hqpentium_g4500t_firmwarexeon_5218t_firmwarecore_i7-9700kf_firmwarecore_i9-7900x_firmwarecore_i7-7800x_firmwarexeon_w-2225_firmwarecore_i7-9850h_firmwarexeon_6150core_i5-6350hqxeon_5120xeon_8280l_firmwarecore_i7-6660u_firmwarecore_i5-7600txeon_8276mcore_i5405u_firmwarecore_i9-9820xcore_i3-6100te_firmwarexeon_6126f_firmwarexeon_9222_firmwarexeon_w-2155core_i5-6350hq_firmwarexeon_8260l_firmwarecore_i7-7500ucore_i7-8550uxeon_9242_firmwareubuntu_linuxxeon_e-2224gxeon_w-2135core_i3-6120_firmwarexeon_e3-1505mcore_i5-6310u_firmwarexeon_w-2145xeon_8276lcore_i5-6400_firmwarecore_i7-6650ucore_i7_8650ucore_i9-9900x_firmwarecore_i5_10110y_firmwarecore_i5-9300hcore_i5-6210uxeon_e3-1240xeon_4210rpentium_g5420core_i3-7167u_firmwarecore_i9-10920x_firmwarepentium_g5500_firmwarecore_i7-8665u_firmwarecore_i3-7167ucore_i3-6100tcore_i5-9400hleapcore_i7-7567uxeon_w-2295_firmwarecore_i3-8145u_firmwarepentium_4405u_firmwarexeon_6126fcore_i7_10510y_firmwarecore_i3-7340_firmwarexeon_8268_firmwarecore_i7-7660u_firmwarexeon_4216rpentium_g5500tcore_i7-7820hqcore_i5-6260u_firmwareceleron_g3920txeon_8156_firmwarexeon_6126txeon_4215core_i7-8750h_firmwarexeon_3106core_i3-6100ecore_i3-8300t_firmwarecore_i5-7400_firmwarexeon_e3-1280xeon_5220s_firmwareceleron_3955ucore_i7-9700k_firmwarexeon_6240_firmwarexeon_4214y_firmwarexeon_5115core_i5-7y54_firmwarexeon_5215pentium_4405y_firmwarecore_i7-6567uxeon_6130fxeon_e-2174g_firmwarecore_i3-7101exeon_8180xeon_6138fxeon_6238lcore_i9-7900xcore_i9-8950hk_firmwarecore_i5-8500xeon_4209tcore_i7-6870hq_firmwarexeon_w-3223core_i3-8000_firmwarecore_i5-7600_firmwarexeon_w-3275m_firmwarecore_i7-7510uxeon_w-2235_firmwarecore_i5-6267u_firmwarexeon_6140mcore_i5-8265uxeon_5115_firmwarexeon_e-2254mexeon_6240xeon_w-3235core_i3-7007ucore_i5-6300hqcore_i3-6110uxeon_6142f_firmwarexeon_6148f_firmwarecore_i5-6440hqcore_i7-7y75xeon_8176mxeon_w-2225xeon_6252_firmwarecore_i7-7560u_firmwarexeon_w-2133core_i7-6700core_i5-7y57celeron_g3920_firmwarexeon_4108core_i3-8350kcore_i7_8560ucore_i5-7500tcore_i5-9600k_firmwarexeon_e-2224g_firmwarecore_i7_8500y_firmwarecore_i3-6102e_firmwarexeon_6240m_firmwarexeon_e3-1230_firmwarexeon_w-2223xeon_4214c_firmwarecore_i9-7920x_firmwarecore_i7-8705gcore_i7-7700kpentium_g4540_firmwarecore_i7-8665ucore_i4205ucore_i3-8300txeon_6240y_firmwarecore_i7-7660ucore_i7-6600ucore_i3-6100u_firmwarecore_i3-8120_firmwarecore_i7-8706gxeon_w-3225xeon_4215_firmwarecore_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_5220t_firmwarecore_i9-7960x_firmwarepentium_g5500t_firmwarecore_i7-8700core_i5-7500u_firmwarexeon_e3-1501lcore_i3-6300txeon_6238mcore_i5-6310ucore_i3-7130u_firmwarexeon_w-2155_firmwarecore_i5-8400core_i3-6120xeon_4110_firmwarecore_i7-8705g_firmwarecore_i7-7700txeon_w-3225_firmwarexeon_9282xeon_w-2295core_i5-7260u_firmwarecore_i7-6600u_firmwarecore_i5-7600k_firmwarecore_i7-6770hqxeon_w-3245m_firmwarecore_i7-8700kxeon_9220_firmwarexeon_6262v_firmwarexeon_5220core_i7_8550ucore_i5-8600k_firmwarecore_i5-7200u_firmwarecore_i5-7442eqxeon_e-2134xeon_e-2284g_firmwarexeon_5120t_firmwarepentium_g4500txeon_4116tcore_i7_8550u_firmwarecore_i5-7442eq_firmwarecore_i7_8559uxeon_8170m_firmwarecore_i7-8569u_firmwarexeon_e-2144g_firmwarexeon_5122xeon_9242xeon_4208xeon_6246_firmwarexeon_5218bcore_i5-7360u_firmwarexeon_w-2275_firmwarexeon_6144xeon_6230txeon_8280_firmwarecore_i5-6442eqxeon_6254core_i5-8420tcore_i9-7960xcore_i5-9600kcore_i7-7820xceleron_g3900core_i3-6300_firmwarecore_i5_10110ycore_i7-7640x_firmwarecore_i7-7700hqpentium_g5600xeon_6142_firmwarecore_i9-7980xexeon_3206rceleron_g4900t_firmwarecore_i3-8100hxeon_e3-1225_firmwarecore_i7-6870hqxeon_5220sxeon_4114pentium_g4500xeon_6146xeon_8253_firmwarexeon_6222v_firmwarecore_i5-8350uxeon_6134xeon_3104_firmwarecore_i3-6320t_firmwarexeon_5119txeon_w-3223_firmwarecore_i5-7300ucore_i5-6440hq_firmwarecore_m3-6y30_firmwarexeon_5217_firmwarepentium_4415u_firmwarexeon_w-3265mcore_i5-8500tceleron_3965y_firmwarecore_i5-7500xeon_8268xeon_w-2255_firmwarexeon_6234xeon_6240lcore_i5-6400xeon_5215rcore_i5-7200upentium_g4540core_i5-8350u_firmwarecore_i7-8700b_firmwareceleron_g3930exeon_8168_firmwarecore_i9-8950hkpentium_g4520xeon_8256_firmwarexeon_4210xeon_6142pentium_4405ucore_i7-6820hq_firmwarecore_i3-6320_firmwarecore_i7-7920hqpentium_g4400t_firmwarexeon_8260yxeon_6126t_firmwarexeon_e-2254mlxeon_5220tcore_i5-8400txeon_w-2123_firmwarexeon_8160f_firmwarexeon_8256core_i3-6100_firmwarexeon_8280xeon_4209t_firmwarecore_i9-10920xxeon_8160t_firmwarexeon_6244_firmwarecore_i5-8420core_i7-8670txeon_e-2254ml_firmwarexeon_6148core_i7-6660uceleron_3965uceleron_g4920_firmwarecore_i3-6120t_firmwarexeon_9220core_i5_10310yxeon_8160mcore_i5-6500_firmwarecore_i3-7100hcore_i3-7101te_firmwarexeon_e3-1220_firmwarexeon_4109txeon_6128core_i5-6500t_firmwarexeon_e3-1501l_firmwarexeon_e-2244gcore_i9-9900kxeon_4110core_i3-6320tcore_i7-8709gcore_i3-7120xeon_5220rcore_i7-8550u_firmwarecore_i7-7y75_firmwarecore_i5-6287upentium_g4420t_firmwarexeon_8180m_firmwarexeon_6130t_firmwarexeon_5215lcore_i5-7640x_firmwarecore_i5-9400core_i9-9920xcore_i3-8100txeon_6150_firmwarepentium_4415ucore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-6700k_firmwarecore_i5-8650k_firmwarecore_i5-7500t_firmwarecore_i7-8700tcore_i7-6820hk_firmwarexeon_6230_firmwarecore_i7-6820hqxeon_6140core_i5-7400xeon_e3-1501mcore_i7-8650uxeon_8160_firmwarecore_i5_10210y_firmwarecore_i3-7102e_firmwarecore_m3-7y30_firmwarexeon_e3-1245_firmwarexeon_8153xeon_6132_firmwarecore_i5-6600core_i7-6700tcore_i7-6920hqxeon_8170mxeon_6132xeon_8276m_firmwarecore_i3-6167u_firmwarecore_i3-6100uxeon_4208rxeon_8176fcore_i7-6700_firmwarexeon_e-2234_firmwarecore_i3-7320t_firmwarepentium_g4400texeon_e3-1280_firmwarecore_i9-9800xxeon_w-3265core_i7-6510u_firmwarexeon_6136_firmwarecore_i7-6822eq_firmwarecore_i7-8565u_firmwarexeon_w-3245xeon_4216_firmwarexeon_8158xeon_8176f_firmwarexeon_6148fxeon_8168core_i5-8500bxeon_e-2124gcore_i5-7600t_firmwarexeon_8176_firmwarecore_i9-7980xe_firmwarecore_i5-7440hq_firmwarecore_i7_8650u_firmwarecore_i5-6300hq_firmwarexeon_e-2234core_i7-8709g_firmwarexeon_6238m_firmwarepentium_g4520tceleron_g3930e_firmwareceleron_3965u_firmwarexeon_6138tcore_i7-9850hcore_i5_10310y_firmwarecore_i5-9400fcore_i3-8000core_i7-6700kcore_i3-6320core_i3-7320tcore_i5-7440eqcore_i7-6820eq_firmwarepentium_4410y_firmwarecore_i7-7820x_firmwareceleron_g3900txeon_8280lxeon_w-2195_firmwarexeon_6230xeon_4208r_firmwarecore_i3-8130u_firmwarecore_i3-8000tceleron_g3920core_i5-6400txeon_6140m_firmwarexeon_4216core_i3-7100uxeon_5122_firmwarexeon_3204core_i3-7101texeon_5119t_firmwarexeon_6234_firmwarexeon_w-3275xeon_w-2265_firmwarexeon_8270core_i5-7600kxeon_4112core_m5-6y57core_i5-8250ucore_i7-6920hq_firmwarecore_i7-7820eqxeon_e3-1275xeon_4114txeon_6248_firmwarecore_i5405ucore_i5-7360ucore_i7_8565ucore_i5-6500core_i3-7340core_i7-8650u_firmwarecore_i7_8559u_firmwarexeon_w-3245_firmwarexeon_8260mcore_i5-6200ucore_i7-8670t_firmwarecore_i9-9900k_firmwarecore_i7-7700k_firmwarecore_i7-6700hq_firmwarexeon_4208_firmwarecore_i5-8650_firmwarexeon_w-2135_firmwarecore_i5-8250u_firmwarexeon_6126_firmwareceleron_g3902e_firmwarecore_i7-7567u_firmwarexeon_8176m_firmwarecore_i5-8400_firmwarecore_i7-8670_firmwarecore_i7-6970hq_firmwarexeon_6138t_firmwarecore_i7-7700hq_firmwarecore_i7-6820hkxeon_6254_firmwarexeon_8260y_firmwarepentium_g4400core_i5-7440eq_firmwarecore_i9-9900xcore_i7-9750hf_firmwarecore_i5-8400t_firmwarexeon_4216r_firmwarexeon_w-2125_firmwarexeon_e-2284gcore_i5-6400t_firmwarecore_i3-6102ecore_i5-8365u_firmwarexeon_w-2175_firmwarecore_i7-6700te_firmwarecore_i5-6600txeon_8280m_firmwarecore_i3-8020pentium_g4420_firmwarexeon_6134_firmwarexeon_e-2244g_firmwarecore_i7-6510ucore_i5-6360u_firmwarecore_i3-8100h_firmwarexeon_5120_firmwarexeon_w-2235core_i7-8850hcore_i5-7210ucore_i3-7130ucore_i5-8265u_firmwarexeon_6130core_i9-10900x_firmwarecore_i7-6560u_firmwarecore_i3-8300_firmwarecore_i7_8565u_firmwarecore_i7-6820eqxeon_4214rcore_i9-10900xceleron_g3930te_firmwarexeon_5215m_firmwarecore_i5-8650core_i5-6500texeon_6152_firmwarecore_i5_10210ycore_m3-7y30core_i5-8500_firmwarecore_i5-6210u_firmwarexeon_6222vxeon_6240mcore_i5-6300u_firmwarexeon_4214r_firmwarecore_i7-8809g_firmwarexeon_6238txeon_e3-1230xeon_8170xeon_8260m_firmwarexeon_6240l_firmwarecore_i7-7700t_firmwarecore_i9-9980hk_firmwarexeon_w-3275_firmwareceleron_g4900core_i5-9400h_firmwarepentium_4405yxeon_6142m_firmwarecore_i5-8420t_firmwarepentium_g5500xeon_8176celeron_g3900t_firmwarecore_i3-6100xeon_w-2275core_i5-7640xxeon_5218xeon_8280mceleron_g4900_firmwarecore_i5-7440hqcore_m5-6y54_firmwarexeon_e-2144gcore_i5-6360uxeon_e3-1505l_firmwarecore_i9-10940x_firmwarepentium_g5420t_firmwarecore_i3-6300t_firmwarecore_m5-6y57_firmwarecore_i7-8569uxeon_4210r_firmwarecore_i5-8650kcore_i7-7700_firmwarecore_i7-6770hq_firmwarexeon_8260core_i5-6267uceleron_3965ypentium_g5400t_firmwarexeon_9221pentium_g4400te_firmwarexeon_6138_firmwarexeon_6138xeon_6248celeron_g3900texeon_3204_firmwarecore_i4205u_firmwarecore_i3-7020u_firmwarecore_i3-7101e_firmwareceleron_3855ucore_i5-6440eqcore_i9-9920x_firmwarecore_i5-8600tcore_i5-8305gcore_i5-6440eq_firmwarecore_i9-9980hkxeon_8253core_i3-6100texeon_5217pentium_g5400core_i3-8130uxeon_e3-1270xeon_3106_firmwarexeon_w-2175xeon_4114_firmwareIntel(R) Processors
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2006-1844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 21.59%
||
7 Day CHG~0.00%
Published-19 Apr, 2006 | 16:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-base-configshadown/a
CVE-2020-0543
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.39%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationMcAfee, LLCSiemens AGFedora ProjectopenSUSECanonical Ltd.
Product-celeron_2957uxeon_e3-1230_v5xeon_e3-1558l_v5core_i3-6300core_i7-4790tcore_m-5y3core_i7-5775rceleron_5305ucore_i7-4765tcore_i3-4025ucore_i7-9700kfcore_i7-4785tcore_i5-8400hceleron_g3940core_i3-4120ucore_i5-7y54core_i3-3250core_i5-4440simatic_ipc547g_firmwarecore_i5-3470score_i3-2115cxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_e3-1226_v3xeon_e3-1280_v5xeon_e3-1265l_v2core_i7-8670pentium_a1018_v2core_i3-8145ucore_i7-6822eqcore_i5-4258ucore_i7-6700tecore_i3-7020ucore_i7-4770rxeon_e3-1501l_v6core_i3-8109ucore_i5-4260ucore_i7-7600ucore_i5-4670kxeon_e-2224core_i5-10110ycore_i7-3770celeron_g1830core_i3-7100ecore_i7-4770pentium_g3258xeon_e3-1505l_v6xeon_e-2278gecore_m5-6y54simatic_field_pg_m6_firmwaresimatic_ipc427d_firmwarecore_i5-4690tcore_i5-6600kcore_4415ycore_i5-5675ccore_i3-4360core_i7-4600uceleron_1020ecore_i5-8400bsimatic_ipc427e_firmwaresimatic_ipc647d_firmwarecore_i7-4980hqcore_i7-4710hqcore_i5-5250upentium_g4420celeron_1020mcore_i7-7820hkcore_i3-i3-8100hcore_i7-5850hqcore_i3-4170core_m-5y10ccore_i5-8550core_i3-4160txeon_e-2184gcore_i7-6970hqcore_i5-3340mxeon_e3-1265l_v4core_i3-6120tcore_i5-7500ucore_i5-8600celeron_g3930tecore_i5-3317uxeon_e-2136core_i7-10510ucore_i7-9700kceleron_3865ucore_i3-8100simatic_ipc527gpentium_g3460tcore_m7-6y75core_i3-3220pentium_g3440celeron_g4900tcore_m3-6y30core_i5-4570rfedorasimatic_ipc477d_firmwarecore_4205uxeon_e3-1535m_v5simatic_ipc527g_firmwarecore_i7-7700core_m-5y10simatic_field_pg_m5core_i3-7102ecore_i7-4712hqxeon_e3-1268l_v5celeron_2955ucore_i5-8600ksimatic_ipc477e_firmwarecore_i5-3550simatic_field_pg_m6core_i7-8750hxeon_e3-1501m_v6core_i5-8365usimatic_ipc827dcore_i5-4278ucore_i5-9600kfceleron_927ueceleron_g4930core_i5-7600core_i3-3227ucore_i5-3437upentium_g5400tcore_i5-4460xeon_e3-1270_v6core_i7-3920xmpentium_g2120_v2pentium_g3220xeon_e-2286mxeon_e3-1505m_v5pentium_g2020t_v2core_i3-5006upentium_3560mpentium_3561ycore_i7-5650uxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i3-5005ucore_i5-7400tsimatic_ipc627dcore_i3-5020upentium_g3440txeon_e-2174gcore_i7-8809gxeon_e3-1105ccore_i5-5257ucore_i5-7260ucore_i7-8700bcore_m-5y70xeon_e3-1280_v2xeon_e3-1220_v2simotion_p320-4s_firmwarecore_i7-3612qepentium_g5420tcore_i5-4440score_i5-7267upentium_g3430core_i5-7y57_xeon_e3-1585_v5core_i5-10210ycore_i5-4402ecceleron_2970mcore_i7-6560upentium_g4420tpentium_g3460simatic_ipc477e_pro_firmwarecore_i5-8300hcore_i3-4020ycore_i3-4160pentium_3558ucore_i3-3229ycore_i7-5600uxeon_e3-1280_v3xeon_e3-1285_v3core_i5-3450pentium_3805ucore_4410yxeon_e3-1281_v3simatic_ipc647e_firmwarecore_i7-3632qmxeon_e3-1240l_v3pentium_gold_6405uceleron_g4920core_i3-6167uxeon_e-2274gcore_i7-3517uceleron_g1820xeon_e-2278gelcore_i5-3570xeon_e3-1270_v2xeon_e3-1280_v6xeon_e3-1225_v3core_i5-5200usimatic_ipc347e_firmwarecore_i7-7740xpentium_1405_v2core_i7-6500ucore_i3-3240tcore_i3-7110ucore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287uxeon_e3-1275_v3simotion_p320-4ecore_i7-3940xmcore_i7-4950hqcore_i7-3740qmceleron_1047uecore_i5-6300ucore_i7-4700hqxeon_e-2276mecore_i7-8565uxeon_e3-1125ccore_i7-4770hqcore_i7-4910mqceleron_1019ycore_i5-7300hqcore_i7-7560uxeon_e3-1271_v3core_i3-6100hxeon_e3-1535m_v6simatic_ipc827d_firmwarecore_i5-8259uxeon_e3-1220_v5core_i7-4860hqcore_i7-3770kceleron_3765usimatic_ipc847ecore_i5-4300ucore_i3-3130msimatic_ipc427ecore_i7-6700hqpentium_2127u_v2simatic_ipc427dpentium_3665ucore_i3-3217uecore_i7-4850hqpentium_g3260core_i3-3240simotion_p320-4score_i5-6350hqpentium_3215ucore_i3-4150core_i5-7600tpentium_g2030_v2simatic_ipc3000_smartcore_i5-3360msimatic_ipc547ecore_i7-4702mqcore_i3-4100ucore_i5-4220ypentium_g3240xeon_e3-1258l_v4core_i7-7500ucore_i7-8550uubuntu_linuxxeon_e-2224gthreat_intelligence_exchange_servercore_i7-3687ucore_i7-4558ucore_i7-4550ucore_i7-4770sxeon_e-2226gecore_i7-6650ucore_i3-4340core_i3-4005ucore_m-5y71core_i5-6210ucore_i7-3612qmpentium_g5420pentium_g2140_v2core_i3-7167uceleron_g1620core_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567uleapcore_i7-5557ucore_i7-4960hqxeon_e3-1286_v3core_i5-4308upentium_g2020_v2celeron_3755ucore_i7-4710mqxeon_e3-1230_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarecore_i7-7820hqpentium_g5500txeon_e3-1585l_v5celeron_g3920tcore_i5-8210ycore_i7-3520mpentium_b915ccore_i3-6100eceleron_2980uceleron_3955ucore_i5-4210uxeon_e3-1275_v5xeon_e3-1221_v3xeon_e3-1240_v5xeon_e3-1230l_v3core_i7-6567usimatic_ipc677ecore_i7-5775ccore_i3-7101ecore_i7-3770txeon_e3-1515m_v5xeon_e3-1225_v5core_i5-8500core_i7-3635qmcore_9300hcore_i7-4790score_i7-7510ucore_i5-4570score_i7-8510ycore_i3-4350tceleron_g1610tcore_i5-8265upentium_3765ucore_i7-5700eqcore_i3-4012ycore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_e-2254mesimatic_field_pg_m4core_i5-6440hqcore_i7-7y75core_i7-4702eccore_i7-6700xeon_e3-1220_v3core_i3-8350kcore_i5-3337ucore_i5-7500txeon_e3-1505m_v6core_i5-3470core_i7-3689ycore_i7-7700kcore_i7-8705gpentium_g3450core_i7-8665uxeon_e-2276mcore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1220l_v2core_i3-4330core_i3-4170txeon_e3-1565l_v5xeon_e-2236core_i7-3537ucore_i7-4500uxeon_e3-1240_v6core_i5-6310ucore_i7-8700pentium_g3260tceleron_2981ucore_i3-6300tcore_i5-3330core_i3-6120core_i5-8400pentium_g3250tcore_i5-3380mcore_i7-3517uecore_i7-3720qmcore_i7-7700tcore_i5-10210ucore_i5-4350upentium_2030m_v2core_i7-6770hqcore_i7-8700kxeon_e3-1268l_v3core_m-5y10asimatic_ipc347ecore_i7-5850eqcore_i7-4578ucore_i5-7442eqxeon_e-2134pentium_2129y_v2core_i5-3550score_i3-4130tpentium_g4500tcore_i3-3220tcore_i7-4771core_i5-4590sxeon_e3-1285_v6core_i7-3667uceleron_725cxeon_e3-1278l_v4core_i3-3120mcore_i5-4250uxeon_e3-1220l_v3xeon_e3-1225_v6core_i3-4100msimatic_ipc847dcore_i7-10510yxeon_e3-1240l_v5core_i7-4722hqcore_i5-4430ssimatic_ipc477ecore_i5-6442eqcore_i7-4790simatic_field_pg_m4_firmwarecore_i5-8420tceleron_g3900core_i5-9600kxeon_e3-1290_v2pentium_3205uxeon_e3-1286l_v3xeon_e3-1125c_v2core_i5-3340core_i7-7700hqpentium_g5600core_i7-3540mxeon_e3-1245_v3core_i7-3610qecore_i3-8100hxeon_e3-1245_v5core_i7-6870hqxeon_e3-1230_v2pentium_3556upentium_g4500celeron_1005mcore_i5-4210hcore_i5-3330spentium_g3220tcore_i5-8350ucore_i7-4800mqcore_i3-4010ycore_i7-4750hqcore_i5-7300upentium_2117u_v2xeon_e3-1240_v2xeon_e-2246gcore_i5-8500tcore_8269ucore_i5-7500core_i5-4670rcore_i3-4110mcore_i5-4670tcore_i5-3610mecore_i5-4690core_i7-4700eqcore_i3-4370tcore_i5-6400pentium_3825upentium_b925cxeon_e3-1241_v3simatic_ipc677dcore_i5-3427ucore_i5-7200upentium_g4540core_i5-3570spentium_g2030t_v2celeron_g1820tceleron_g3930esimatic_ipc847e_firmwarecore_i7-4702hqcore_i9-8950hkpentium_g4520core_i7-3820qmpentium_4405ucore_i5-5350core_i7-7920hqxeon_e-2254mlxeon_e3-1545m_v5core_i5-8400tcore_i3-5015ucore_i5-4590simatic_ipc477e_procore_i3-4158ucore_m-5y51core_i5-8420core_i7-8670txeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5celeron_3965ucore_i7-4720hqcore_i7-5500uxeon_e3-1260l_v5simatic_ipc647ecore_i7-3840qm_core_i5-4570xeon_e3-1246_v3core_i3-7100hceleron_g1840core_i3-3245core_i3-4370xeon_e3-1265lxeon_e3-1235_v2core_i7-4610yxeon_e-2276mlxeon_e-2244gceleron_1037ucore_i9-9900kxeon_e-2176gcore_i5-4460txeon_e3-1275l_v3simatic_ipc3000_smart_firmwarecore_i3-4350celeron_g1630core_i3-6320tcore_i5-3320mcore_i5-4670core_i3-7120core_i7-8709gsimatic_ipc627ecore_i5-6287ucore_i5-4210ycore_i7-4712mqcore_i5-9400core_i3-8100tpentium_4415ucore_i7-4510ucore_i7-5950hqcore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-8557ucore_i7-5550uxeon_e3-1245_v2simatic_ipc547gceleron_g1610core_i7-8700tcore_i3-4150tcore_i7-4770kcore_i3-4030ucore_i7-6820hqcore_i5-7400core_i7-8650ucore_i7-3615qmcore_i5-4200ucore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-3115ccore_i3-6100uxeon_e3-1230_v6core_i3-4330tpentium_g4400tecore_i3-3110mcore_i5-4670sxeon_e3-1276_v3simatic_ipc627e_firmwarecore_i5-8500bxeon_e-2124gcore_i5-5575rxeon_e3-1231_v3core_i5-3230msimotion_p320-4e_firmwarexeon_e-2288gcore_i5-3475sxeon_e-2234core_i7-4900mqpentium_g4520tcore_i3-6320core_i5-9400fcore_i7-6700kcore_i3-8000core_i7-9850hpentium_3560ycore_i3-7320tcore_i5-7440eqceleron_1007ucore_i7-8560uceleron_g3900tcore_i7-3770score_i5-4690score_i3-8000tceleron_g3920core_i5-6400tpentium_g2130_v2core_i3-7100uceleron_g1850core_i5-5287ucore_i3-7101tesimatic_ipc677d_firmwarecore_i5-3570txeon_e3-1105c_v2core_i5-7600kcore_m5-6y57core_i5-8250upentium_g2010_v2core_5405usimatic_ipc547e_firmwarexeon_e-2126gcore_i5-3340score_i3-4130core_i7-7820eqcore_i5-3570kceleron_g1840tcore_i5-4300ycore_i5-7360uxeon_e3-1240_v3core_i7-4700mqcore_i5-6500core_i3-7340celeron_1017ucore_9750hfcore_i3-5157uxeon_e3-1220_v6core_i5-6200ucore_i5-3339ycore_m3-8100ysimatic_ipc477dcore_i5-5675rxeon_e3-1225_v2xeon_e-2186mcore_i3-4030ysimatic_itp1000_firmwarexeon_e-2176mxeon_e3-1285_v4core_i3-3250tcore_i7-6820hkpentium_g3420pentium_g3420tpentium_g4400core_i3-3120mecore_i5-4570tcore_i5-10310ycore_i7-3615qecore_i7-3630qmxeon_e-2284gcore_i3-6102ecore_i3-3210core_i5-6600tcore_i5-4430core_i3-8020core_i5-3439ycore_i7-4810mqxeon_e3-1275_v6core_i7-6510uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i3-4010ucore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-4650ucore_i7-3555lecore_i7-4760hqsimatic_itp1000core_i5-5350ucore_i7-4700eccore_i7-6820eqcore_i7-3610qmcore_i7-4770tcore_i5-8650simatic_ipc647dcore_i5-6500texeon_e3-1235l_v5core_i7-5700hqcore_m3-7y30xeon_e3-1285l_v3core_i5-4202ycore_i5-4302yceleron_g4950celeron_1000mcore_i3-4360tpentium_g2120t_v2core_i3-3225celeron_g4900pentium_4405ycore_i3-3217ucore_i3-5010upentium_g5500xeon_e3-1275_v2core_i5-8200ycore_i3-6100core_i5-4460score_i5-8310ycore_i5-7640xpentium_g3450tsimatic_ipc627d_firmwareceleron_g1620tcore_i5-7440hqcore_i5-6360uxeon_e-2144gcore_i7-8569ucore_i5-8650kcore_i5-3470tcore_i7-5750hqcore_i5-4590tcore_i5-6267ucore_i5-3350pcore_i5-4288uceleron_3965ypentium_g3470core_i5-3450sceleron_g3900tepentium_g3240tcore_i5-3210mceleron_3855usimatic_ipc677e_firmwarecore_i5-6440eqcore_i5-4200ycore_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-4870hqcore_i7-8559upentium_g2100t_v2xeon_e-2146gcore_i3-6100tepentium_g3250core_i3-8130upentium_g5400pentium_2020m_v2xeon_e3-1270Intel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2014-3615
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.09% / 26.77%
||
7 Day CHG~0.00%
Published-01 Nov, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausqemuvirtualizationenterprise_linux_eusopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxopenstackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9384
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-22 Feb, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-0427
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 00:00
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

Action-Not Available
Vendor-starwindsoftwaren/aopenSUSEGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxstarwind_virtual_sanleapAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-4482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectNovellCanonical Ltd.
Product-suse_linux_enterprise_real_time_extensionsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_debuginfolinux_kernelfedorasuse_linux_enterprise_live_patchingubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_module_for_public_cloudsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2005-1855
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-2.1||LOW
EPSS-0.06% / 18.48%
||
7 Day CHG~0.00%
Published-29 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

Action-Not Available
Vendor-sukrian/aDebian GNU/Linux
Product-debian_linuxbackup_managern/a
CVE-2005-0624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 18.41%
||
7 Day CHG~0.00%
Published-02 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-reportbugn/a
CVE-2005-0625
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 24.78%
||
7 Day CHG~0.00%
Published-02 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-reportbugn/a
CVE-2003-0618
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 16.89%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

Action-Not Available
Vendor-perln/aDebian GNU/Linux
Product-suidperldebian_linuxn/a
CVE-2004-1340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 17.93%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2019-9445
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.24% / 47.27%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:50
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCDebian GNU/Linux
Product-androiddebian_linuxubuntu_linuxAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2002-0875
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.07% / 76.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSilicon Graphics, Inc.
Product-famirixdebian_linuxn/a
CVE-2001-0235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2016-9103
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG-0.00%
Published-09 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0083
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 13:57
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

Action-Not Available
Vendor-net-ldap_projectruby-net-ldapDebian GNU/Linux
Product-net-ldapdebian_linuxruby-net-ldap
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-1999-1572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Action-Not Available
Vendor-n/aUbuntuDebian GNU/LinuxRed Hat, Inc.FreeBSD FoundationMandriva (Mandrakesoft)
Product-ubuntu_linuxenterprise_linux_desktopdebian_linuxfreebsdenterprise_linuxmandrake_linuxn/a
CVE-2021-4159
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 15:10
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-202
Exposure of Sensitive Information Through Data Queries
CVE-2019-14846
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.14% / 34.81%
||
7 Day CHG-0.01%
Published-08 Oct, 2019 | 18:44
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxopenstackbackports_sleansible_engineleapAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2016-7440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Action-Not Available
Vendor-wolfssln/aDebian GNU/LinuxOracle CorporationMariaDB Foundation
Product-debian_linuxmariadbmysqlwolfssln/a
CVE-2016-6836
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-10 Dec, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-665
Improper Initialization
CVE-2019-7222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 18:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSECanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxelement_software_management_nodeenterprise_linux_server_ausenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_desktopactive_iq_performance_analytics_servicesdebian_linuxlinux_kernelenterprise_linux_workstationfedoraenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeleapn/a
CVE-2019-3500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 07:00
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-aria2_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxubuntu_linuxfedoraaria2n/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-2101
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 19:41
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.

Action-Not Available
Vendor-Canonical Ltd.AndroidGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxubuntu_linuxAndroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found