Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1318

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-20 Apr, 2022 | 15:30
Updated At-16 Apr, 2025 | 16:28
Rejected At-
Credits

Hills ComNav Inadequate Encryption Strength

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:20 Apr, 2022 | 15:30
Updated At:16 Apr, 2025 | 16:28
Rejected At:
▼CVE Numbering Authority (CNA)
Hills ComNav Inadequate Encryption Strength

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

Affected Products
Vendor
Interlogix
Product
ComNav
Versions
Affected
  • From All through 3002-19 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326 Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-326
Description: CWE-326 Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Carrier recommends users upgrade to Version 4000-12 or later, which is the latest supported version at the time of this publication. Please contact the Hills distributor to acquire the firmware update. More information on this issue can be found in Carrier product security advisory number CARR-PSA-002-1121.

Configurations
Workarounds
Exploits
Credits
Dr Paul Gardner-Stephen, Flinders University and DEWC Systems, Australia
Jacob Thompson, Flinders University, Australia
Dr Samuel Chenoweth, Defence Science and Technology Group, Australia
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf
x_refsource_CONFIRM
Hyperlink: https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:20 Apr, 2022 | 16:15
Updated At:24 Jul, 2023 | 13:35

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
carrier
carrier
>>hills_comnav_firmware>>Versions up to 3002-19(inclusive)
cpe:2.3:o:carrier:hills_comnav_firmware:*:*:*:*:*:*:*:*
carrier
carrier
>>hills_comnav>>-
cpe:2.3:h:carrier:hills_comnav:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Primarynvd@nist.gov
CWE-326Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-203
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-326
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdfics-cert@hq.dhs.gov
Vendor Advisory
Hyperlink: https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf
Source: ics-cert@hq.dhs.gov
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

151Records found
CVE-2020-16150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.91%
||
7 Day CHG-0.01%
Published-02 Sep, 2020 | 00:00
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArm Limited
Product-mbed_tlsdebian_linuxfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-1459
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.09% / 90.40%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows ARM Information Disclosure Vulnerability

An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassing the speculative execution.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1909
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-16235
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.8||LOW
EPSS-0.02% / 2.14%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 17:23
Updated-16 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson OpenEnterprise - Inadequate Encryption Strength

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.

Action-Not Available
Vendor-emersonEmerson
Product-openenterprise_scada_serverOpen Enterprise
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-20242
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:07
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-33283
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.

Action-Not Available
Vendor-marvalglobaln/a
Product-msmn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-20538
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.45%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-14481
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:27
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_viewFactoryTalk View SE
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-20279
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:16
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-46744
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.55%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:40
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_embedded_7f72_firmwareepyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_embedded_7371_firmwareepyc_embedded_7501epyc_7261epyc_7451epyc_7282_firmwareepyc_embedded_7f32epyc_embedded_3251_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_embedded_7282epyc_7713pepyc_embedded_7451epyc_7443epyc_7513epyc_embedded_3201_firmwareepyc_embedded_7502p_firmwareepyc_embedded_7542_firmwareepyc_7232p_firmwareepyc_7702epyc_embedded_7702pepyc_7453epyc_7513_firmwareepyc_embedded_7262epyc_7542epyc_embedded_740p_firmwareepyc_7281_firmwareepyc_7413_firmwareepyc_7002epyc_7643_firmwareepyc_embedded_3151_firmwareepyc_7001epyc_embedded_7642_firmwareepyc_7502epyc_7001_firmwareepyc_7662_firmwareepyc_7343_firmwareepyc_7281epyc_7551epyc_embedded_740pepyc_embedded_7662epyc_7551pepyc_7313pepyc_7002_firmwareepyc_embedded_3101epyc_embedded_7302epyc_embedded_7642epyc_7551p_firmwareepyc_embedded_7551_firmwareepyc_embedded_7f32_firmwareepyc_embedded_7h12epyc_7601_firmwareepyc_embedded_3451_firmwareepyc_7352epyc_embedded_7301epyc_embedded_7401_firmwareepyc_7401epyc_7713_firmwareepyc_7742epyc_embedded_7252_firmwareepyc_7272epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_embedded_7742_firmwareepyc_7003epyc_embedded_3351_firmwareepyc_embedded_7402_firmwareepyc_embedded_7402p_firmwareepyc_embedded_3451epyc_embedded_7261epyc_embedded_7352_firmwareepyc_7261_firmwareepyc_embedded_7301_firmwareepyc_embedded_7232p_firmwareepyc_embedded_3201epyc_embedded_7532epyc_embedded_7302pepyc_embedded_7h12_firmwareepyc_7742_firmwareepyc_embedded_7261_firmwareepyc_7501epyc_7501_firmwareepyc_embedded_7452epyc_embedded_7272epyc_embedded_7552epyc_7301_firmwareepyc_embedded_7502pepyc_embedded_7371epyc_embedded_7451_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_embedded_7742epyc_7252_firmwareepyc_7543_firmwareepyc_embedded_7501_firmwareepyc_embedded_755pepyc_7542_firmwareepyc_7763_firmwareepyc_embedded_7302p_firmwareepyc_embedded_7502_firmwareepyc_embedded_7232pepyc_embedded_735pepyc_embedded_7351_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pepyc_embedded_7252epyc_7302p_firmwareepyc_7351p_firmwareepyc_embedded_7f52_firmwareepyc_embedded_3251epyc_embedded_755p_firmwareepyc_embedded_3101_firmwareepyc_7642_firmwareepyc_embedded_7532_firmwareepyc_7452epyc_embedded_7601_firmwareepyc_7543p_firmwareepyc_embedded_7402epyc_7401pepyc_embedded_7f72epyc_7302epyc_7601epyc_embedded_3255_firmwareepyc_embedded_7601epyc_7232pepyc_embedded_7302_firmwareepyc_embedded_7401epyc_7663epyc_7552_firmwareepyc_embedded_3351epyc_embedded_7702_firmwareepyc_7371epyc_embedded_7251_firmwareepyc_7662epyc_7642epyc_7451_firmwareepyc_7532_firmwareepyc_embedded_7281_firmwareepyc_embedded_7542epyc_7502p_firmwareepyc_embedded_7662_firmwareepyc_7413epyc_7301epyc_7401p_firmwareepyc_embedded_7551epyc_7313epyc_7351pepyc_embedded_7282_firmwareepyc_7663_firmwareepyc_embedded_7702p_firmwareepyc_7351_firmwareepyc_7251epyc_7552epyc_7302pepyc_7702p_firmwareepyc_embedded_7552_firmwareepyc_7302_firmwareepyc_7763epyc_embedded_3151epyc_embedded_3255epyc_7402_firmwareepyc_7713p_firmwareepyc_embedded_7402pepyc_7702pepyc_embedded_7281epyc_embedded_7262_firmwareepyc_7262epyc_embedded_7352epyc_embedded_7702epyc_embedded_7452_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_embedded_7251epyc_7643epyc_embedded_735p_firmwareepyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_embedded_7272_firmwareepyc_7443pepyc_7453_firmwareepyc_7282epyc_embedded_7f52epyc_embedded_7502epyc_7702_firmwareepyc_7352_firmwareepyc_7532epyc_embedded_7351AMD Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20264
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:18
Updated-29 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20276
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:15
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205706731

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8994
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:13
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-12912
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.95% / 75.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 19:08
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-energy_driver_for_linuxAMD extension to Linux "hwmon" for Zen1 platforms
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8993
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:18
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-13844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.30%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 22:46
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Action-Not Available
Vendor-n/aopenSUSEArm Limited
Product-cortex-a35_firmwarecortex-a32_firmwarecortex-a32cortex-a73_firmwarecortex-a57cortex-a34cortex-a53_firmwarecortex-a72_firmwarecortex-a72cortex-a35cortex-a73cortex-a53cortex-a34_firmwarecortex-a57_firmwareleapn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-12872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 18:20
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.

Action-Not Available
Vendor-yawsn/a
Product-yawsn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-21318
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21305
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21325
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.86%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21354
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21335
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.96%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21303
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-21301
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8992
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.03% / 5.92%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:28
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-0823
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 01:10
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1200-8_firmwaregs1200-5gs1200-5hp_firmwaregs1200-8hp_firmwaregs1200-5hpgs1200-5_firmwaregs1200-8gs1200-8hpZyxel GS1200 series firmware
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-10375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.85%
||
7 Day CHG~0.00%
Published-05 Feb, 2021 | 19:26
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.

Action-Not Available
Vendor-newmediacompanyn/a
Product-smartyn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-0464
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.45%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2015-7449
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 07:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_requirements_composerrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-1005
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-44421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.40%
||
7 Day CHG~0.00%
Published-06 Mar, 2022 | 20:03
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.

Action-Not Available
Vendor-occlum_projectn/a
Product-occlumn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39755
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39761
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39760
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39745
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39791
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-3789
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.

Action-Not Available
Vendor-binatoneglobalMotorola Mobility LLC. (Lenovo Group Limited)
Product-cn50comfort_85_connect_firmwarecomfort_50_connectcn28mbp3855halo\+_camera_firmwarelux_65_firmwarecn40cn28_firmwarecomfort_85_connectmbp3855_firmwarecomfort_40focus_72r_firmwarembp3667comfort_50_connect_firmwarembp3667_firmwarecn50_firmwareconnect_view_65focus_68_firmwarelux_85_connect_firmwarembp4855_firmwarelux_64_firmwarecn40_firmwarecn75comfort_40_firmwarelux_64focus_72rconnect_20mbp4855lux_65mbp6855focus_68ease44halo\+_camerambp669_connect_firmwareconnect_view_65_firmwareease44_firmwarembp669_connectconnect_20_firmwarecn75_firmwarembp6855_firmwarelux_85_connectBinatone Hubble Cameras
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-47153
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:31
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47156
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:02
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Leak Vulnerability in Honor Product

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagicOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47150
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 12:16
Updated-05 Jun, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47155
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:47
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-35477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 03:57
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-26314
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative execution with Floating-Point Value Injection

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationFedora ProjectBroadcom Inc.Arm Limited
Product-core_i7-7700kryzen_5_5600xxeon_silver_4214fedoracore_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-25392
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.01% / 0.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-26313
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative Code Store Bypass

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationDebian GNU/LinuxBroadcom Inc.Arm Limited
Product-debian_linuxcore_i7-7700kryzen_5_5600xxeon_silver_4214core_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0975
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0988
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0989
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0987
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-1009
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0089
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:07
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationFedora ProjectDebian GNU/Linux
Product-itanium_processorsdebian_linuxcore_processors_firmwarepentium_processors_firmwarefedoraxeon_processors_firmwarexeon_processorsceleron_processorsitanium_processors_firmwarecore_processorsceleron_processors_firmwarepentium_processorsIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found