Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4387

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-01 Jul, 2020 | 14:25
Updated At-16 Sep, 2024 | 20:06
Rejected At-
Credits

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:01 Jul, 2020 | 14:25
Updated At:16 Sep, 2024 | 20:06
Rejected At:
▼CVE Numbering Authority (CNA)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

Affected Products
Vendor
IBM CorporationIBM
Product
DB2 for Linux- UNIX and Windows
Versions
Affected
  • 9.7
  • 10.1
  • 10.5
  • 11.1
  • 11.5
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.06.2MEDIUM
CVSS:3.0/C:H/UI:N/PR:N/A:N/AC:L/I:N/AV:L/S:U/E:U/RC:C/RL:O
Version: 3.0
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.0/C:H/UI:N/PR:N/A:N/AC:L/I:N/AV:L/S:U/E:U/RC:C/RL:O
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6242336
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/179269
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6242336
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/179269
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6242336
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/179269
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6242336
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/179269
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:01 Jul, 2020 | 15:15
Updated At:07 Jul, 2020 | 01:55

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.06.2MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.01.9LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 1.9
Base severity: LOW
Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>db2>>9.7.0.0
cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.1.0.0
cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.5.0.0
cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>11.1.0.0
cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>11.5.0.0
cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/179269psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6242336psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/179269
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6242336
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

982Records found
CVE-2024-27019
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 0.19%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 05:30
Updated-04 May, 2025 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get(). Therefore, there is potential data-race of nf_tables_objects list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_objects list in __nft_obj_type_get(), and use rcu_read_lock() in the caller nft_obj_type_get() to protect the entire type query process.

Action-Not Available
Vendor-Linux Kernel Organization, IncFedora Project
Product-fedoralinux_kernelLinux
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-3753
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 1.10%
||
7 Day CHG-0.00%
Published-16 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncRed Hat, Inc.
Product-bootstrap_osh500senterprise_linuxactive_iq_unified_managerh300s_firmwareh410c_firmwareh410sh300shci_compute_nodeelement_softwaresolidfirelinux_kernelhci_management_nodeh410s_firmwareh700s_firmwareh500s_firmwareh410ch700skernel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-4652
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.05% / 15.34%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSERed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverlinux_kernelubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-4508
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-1.9||LOW
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-21 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-29116
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.35% / 56.92%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11Windows 11 version 21H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-30212
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.81%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Information Disclosure Vulnerability

Windows Connected Devices Platform Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows Server version 20H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 20H2Windows 11 version 21H2Windows 10 Version 21H1
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-4386
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux- UNIX and Windows
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-21536
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 40.86%
||
7 Day CHG-0.04%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event Tracing for Windows Information Disclosure Vulnerability

Event Tracing for Windows Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-21766
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-3.92% / 87.83%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Information Disclosure Vulnerability

Windows Overlay Filter Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-3016
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.09%
||
7 Day CHG~0.00%
Published-31 Jan, 2020 | 19:50
Updated-30 Sep, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernellinux_kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-1346
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.5||LOW
EPSS-0.04% / 11.56%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

Action-Not Available
Vendor-n/aIBM Corporation
Product-business_process_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-6130
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-11191
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-2.5||LOW
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 23:07
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-1420
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.04% / 8.65%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-8484
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-14.77% / 94.24%
||
7 Day CHG-0.97%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-20569
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.65% / 69.90%
||
7 Day CHG+0.02%
Published-08 Aug, 2023 | 17:02
Updated-23 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft CorporationFedora ProjectDebian GNU/Linux
Product-ryzen_9_5900xepyc_7543epyc_9354pryzen_5_7645hxryzen_9_pro_7640hs_firmwareepyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_7745hx_firmwareryzen_5_5600hsryzen_3_5300geepyc_7453ryzen_7_5825uryzen_7_5825u_firmwareepyc_9334_firmwareepyc_9454p_firmwareepyc_9454epyc_7413_firmwareepyc_9534_firmwareepyc_9754_firmwareryzen_7_5800x3d_firmwareepyc_7643_firmwareryzen_9_7950xepyc_9274f_firmwareryzen_threadripper_pro_5945wxryzen_5_7540uepyc_7373x_firmwareepyc_75f3_firmwareepyc_7473x_firmwareryzen_7_7700xepyc_9634_firmwarewindows_11_22h2ryzen_7_7700x_firmwareryzen_7_5700gryzen_9_7845hx_firmwareryzen_9_6900hxepyc_7573x_firmwareryzen_9_7945hx_firmwareryzen_5_7640hryzen_5_5500ryzen_3_5400uepyc_7713ryzen_5_5600_firmwareryzen_9_pro_5945windows_10_1607ryzen_5_7640h_firmwareryzen_5_7540u_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_5800x3dryzen_7_7735uryzen_7_6800h_firmwareryzen_9_pro_7945ryzen_5_5600ge_firmwareepyc_9634epyc_9554p_firmwareryzen_5_5600h_firmwareryzen_7_5700ryzen_7_7745hxryzen_7_5800ryzen_7_pro_7745_firmwareryzen_5_7535uryzen_9_5950xryzen_9_7900x3d_firmwareryzen_5_5500_firmwareryzen_7_7840h_firmwareryzen_9_7845hxepyc_7443_firmwareryzen_7_6800hsepyc_7343epyc_7543_firmwarewindows_11_21h2ryzen_7_7736uepyc_9274fryzen_threadripper_pro_5945wx_firmwareepyc_9734epyc_9454pepyc_9734_firmwareepyc_7313p_firmwareryzen_5_5600uepyc_9124fedoraryzen_5_5600x3d_firmwareryzen_5_5600geryzen_7_7840u_firmwareepyc_9374f_firmwareryzen_9_6980hs_firmwareryzen_9_5900hs_firmwareepyc_72f3_firmwareepyc_9174fryzen_threadripper_pro_5975wx_firmwareryzen_7_5700_firmwareepyc_7413ryzen_9_7945hx3dryzen_5_7535hsepyc_9654_firmwareepyc_9384xryzen_9_7940h_firmwareepyc_7313ryzen_7_5700x_firmwarewindows_10_1507epyc_7663_firmwareryzen_3_7440u_firmwareryzen_3_pro_7330u_firmwareryzen_5_pro_5645_firmwareepyc_74f3_firmwareepyc_9654pryzen_3_5425uepyc_7763epyc_9454_firmwareryzen_7_5800_firmwareepyc_9374fryzen_9_5980hx_firmwareryzen_3_5100_firmwareepyc_7713p_firmwareryzen_3_7440uryzen_5_7645hx_firmwareepyc_9334ryzen_7_5800uryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_5_pro_7645ryzen_5_5600ryzen_7_5800hepyc_7543pryzen_7_pro_7730u_firmwarewindows_10_1809ryzen_9_7950x_firmwareepyc_7453_firmwareryzen_7_5700uryzen_7_pro_7840hs_firmwareryzen_7_5700ge_firmwareepyc_9554windows_server_2019ryzen_7_6800hryzen_9_7900x_firmwareryzen_5_6600h_firmwareepyc_9254_firmwareryzen_5_pro_5645ryzen_7_7800x3d_firmwareryzen_7_7840uryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareepyc_7573xepyc_9684x_firmwarewindows_10_21h2epyc_9534ryzen_3_pro_7330uryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxepyc_7373xwindows_10_22h2epyc_7513_firmwareryzen_5_6600hryzen_9_pro_7640hsepyc_9384x_firmwareryzen_9_6980hxryzen_5_5560uryzen_9_7940hepyc_75f3debian_linuxepyc_9184x_firmwareryzen_7_5700u_firmwareryzen_9_7900xepyc_7343_firmwareryzen_5_6600hsepyc_9754s_firmwareryzen_7_pro_5845ryzen_7_7840hryzen_9_5900hsryzen_5_7640uwindows_server_2022epyc_9174f_firmwareepyc_7313pwindows_server_2008epyc_9124_firmwareryzen_9_7945hx3d_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_5_7600ryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_9_6900hsryzen_threadripper_pro_5965wx_firmwareepyc_7713_firmwareepyc_9254epyc_9474f_firmwareepyc_7443p_firmwareryzen_7_5800xepyc_7773xryzen_7_7700_firmwareryzen_3_5300gryzen_5_7600x_firmwareryzen_9_5900ryzen_7_6800u_firmwareryzen_5_pro_7530uryzen_5_5600hs_firmwareryzen_7_pro_7745ryzen_threadripper_pro_5955wxryzen_9_6900hs_firmwareryzen_5_5500uryzen_3_5400u_firmwareryzen_7_6800hs_firmwareryzen_7_7800x3dryzen_5_pro_7640hsryzen_5_5600hryzen_5_7535u_firmwareryzen_3_5300u_firmwareryzen_7_6800uryzen_9_7945hxepyc_7763_firmwareryzen_3_5300uryzen_5_5600gryzen_9_pro_7945_firmwareryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_threadripper_pro_5975wxryzen_9_5900hx_firmwareepyc_9354ryzen_9_5950x_firmwareryzen_9_7900_firmwareryzen_5_7600xryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_7_5700geepyc_9554_firmwareryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_7_pro_5845_firmwareryzen_5_5600u_firmwareepyc_7663ryzen_5_5600x3depyc_7773x_firmwareryzen_5_pro_7645_firmwareryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_5_7600_firmwareepyc_7473xepyc_9754ryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_9_pro_5945_firmwareepyc_9554pepyc_9654windows_server_2016epyc_9684xwindows_server_2012ryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_7_7736u_firmwareepyc_9474fryzen_5_6600hs_firmwareepyc_9754sryzen_5_7640u_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_9654p_firmwareryzen_threadripper_pro_5965wxryzen_9_5900hxepyc_72f3epyc_7643ryzen_9_7950x3depyc_9354_firmwareryzen_7_7700ryzen_3_5100epyc_9354p_firmwareepyc_9224_firmwareepyc_7313_firmwareepyc_7443pryzen_9_7900epyc_9184xryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareepyc_9224ryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareepyc_74f3ryzen_7_5700xryzen_9_6980hsepyc_73f3Ryzen™ PRO 3000 Series Desktop Processors Ryzen™ Threadripper™ 5000 Series ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ GraphicsRyzen™ Threadripper™ 2000 Series Processors Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics4th Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsRyzen™ PRO 5000 Series Desktop ProcessorsRyzen™ 3000 Series Desktop ProcessorsRyzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAthlon™ 3000 Series Processors with Radeon™ Graphics Ryzen™ PRO 5000 Series ProcessorsRyzen™ 3000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 6000 Series ProcessorsRyzen™ 5000 Series Desktop Processors with Radeon™ Graphics3rd Gen AMD EPYC™ ProcessorsRyzen™ 7000 Series Processors 1st Gen AMD EPYC™ ProcessorsRyzen™ PRO 4000 Series Desktop ProcessorsRyzen™ Threadripper™ 3000 Series ProcessorsAthlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsRyzen™ 5000 Series Processors with Radeon™ GraphicsRyzen™ 7040 Series Processors with Radeon™ GraphicsRyzen™ 6000 Series Processors with Radeon™ GraphicsRyzen™ 7000 Series Processors with Radeon™ GraphicsRyzen™ 5000 Series Desktop Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2010-2803
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-1.9||LOW
EPSS-0.08% / 24.65%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernellinux_enterprise_real_timedebian_linuxopensuselinux_enterprise_serverlinux_enterprise_desktoplinux_enterprise_high_availability_extensionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0600
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.40% / 59.67%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0775
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.35% / 56.55%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:11
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0601
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2018-8141
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.91% / 82.52%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 ServersWindows 10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8478
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-13.04% / 93.82%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8348
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.22% / 78.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8341
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.22% / 78.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-1651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_serverz\/osn/a
CVE-2018-8207
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.93% / 82.64%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Action-Not Available
Vendor-ncrbsdisconextn/aFreeBSD FoundationHP Inc.Silicon Graphics, Inc.NEC CorporationSun Microsystems (Oracle Corporation)IBM Corporation
Product-bsd_oshp-uxaixopenserverup-ux_vmp-rasirixunixwaresunosfreebsdnextstepn/a
CVE-2018-8121
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 ServersWindows 10
CWE ID-CWE-665
Improper Initialization
CVE-2018-8396
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.26% / 83.96%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows 7Windows Server 2008Windows Server 2008 R2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8433
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.91% / 82.54%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8506
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-18.62% / 95.01%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
CVE-2016-3684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-14 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.

Action-Not Available
Vendor-n/aApple Inc.SAP SEMicrosoft Corporation
Product-download_managerwindowsmacosn/a
CVE-2011-1310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-08 Mar, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1078
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-1.9||LOW
EPSS-0.03% / 6.48%
||
7 Day CHG~0.00%
Published-21 Jun, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-2.5||LOW
EPSS-29.81% / 96.47%
||
7 Day CHG+4.60%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.05% / 16.84%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2009-5084
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-12 Aug, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_federated_identity_managern/a
CVE-2025-4598
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 13:13
Updated-27 Aug, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

Action-Not Available
Vendor-systemd_projectLinux Kernel Organization, IncOracle CorporationDebian GNU/LinuxRed Hat, Inc.
Product-linux_kerneldebian_linuxenterprise_linuxsystemdopenshift_container_platformlinuxRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7
CWE ID-CWE-364
Signal Handler Race Condition
CVE-2010-4075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 23.17%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34704
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.73% / 81.68%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-27 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11windows_server_2016windows_server_2022windows_server_2019windows_10Windows 10 Version 1507Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows Server 2022Windows Server 2016Windows 10 Version 1809Windows 10 Version 21H1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2010-4081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-30 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2010-4525
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-1.9||LOW
EPSS-0.11% / 29.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 22.28%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2010-4074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 23.17%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39045
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2010-1650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-30 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2023-0458
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.36%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 18:03
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectre V1 Gadget in do_prlimit in the Linux Kernel

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux Kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38976
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-0045
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 47.82%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 22:44
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect indirect branch prediction barrier in the Linux Kernel

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Action-Not Available
Vendor-Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-active_iq_unified_managerh700sh410ch410s_firmwareh300sh500s_firmwarelinux_kernelh500sdebian_linuxh700s_firmwareh410c_firmwareh410sh300s_firmwareLinux Kernel
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found