Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-26509

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-16 Feb, 2023 | 19:59
Updated At-27 Jan, 2025 | 18:23
Rejected At-
Credits

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:16 Feb, 2023 | 19:59
Updated At:27 Jan, 2025 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

Affected Products
Vendor
n/a
Product
Intel(R) SGX SDK software
Default Status
unaffected
Versions
Affected
  • See references
Problem Types
TypeCWE IDDescription
N/AN/Ainformation disclosure
Type: N/A
CWE ID: N/A
Description: information disclosure
Metrics
VersionBase scoreBase severityVector
3.12.5LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 2.5
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
N/A
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
x_transferred
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:16 Feb, 2023 | 20:15
Updated At:28 Feb, 2023 | 19:19

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.12.5LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 2.5
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CPE Matches
Intel Corporation
intel
>>sgx_sdk>>Versions before 2.16.100.1(exclusive)
cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>sgx_sdk>>Versions before 2.15.100.1(exclusive)
cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-755Primarynvd@nist.gov
CWE ID: CWE-755
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.htmlsecure@intel.com
Vendor Advisory
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

714Records found
CVE-2021-26417
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.46%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-19 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Information Disclosure Vulnerability

Windows Overlay Filter Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2024-26207
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.33%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.44%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-2538
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSECanonical Ltd.
Product-linux_kernelubuntu_linuxlinux_enterprise_serverlinux_enterprise_desktoplinux_enterprise_high_availability_extensionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-4333
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.08%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

Action-Not Available
Vendor-Microsoft CorporationBroadcom Inc.
Product-windowsraid_controller_web_interfaceLSI Storage Authority (LSA)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-47070
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.49%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 21:15
Updated-28 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uio_hv_generic: Fix another memory leak in error handling paths

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-4719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.63%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelmq_appliancewebsphere_mqhp-uxwindowsmqaixMQ
CVE-2021-24106
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.46%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DirectX Information Disclosure Vulnerability

Windows DirectX Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2009-3238
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.26%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEopenSUSECanonical Ltd.
Product-ubuntu_linuxlinux_enterprise_serverlinux_kernelopensuselinux_enterprise_desktopn/a
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2021-1725
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.88%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bot Framework SDK Information Disclosure Vulnerability

Bot Framework SDK Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-bot_framework_software_development_kitBot Framework SDK for JavaScriptBot Framework SDK for PythonBot Framework SDK for .NET Framework
CWE ID-CWE-287
Improper Authentication
CVE-2021-1656
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.06% / 88.06%
||
7 Day CHG+0.03%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TPM Device Driver Information Disclosure Vulnerability

TPM Device Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-20408
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-1670
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.64%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows Server version 20H2Windows 10 Version 2004Windows 10 Version 20H2
CVE-2021-1699
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.50% / 80.37%
||
7 Day CHG-0.03%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows (modem.sys) Information Disclosure Vulnerability

Windows (modem.sys) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2023-4327
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

Action-Not Available
Vendor-Broadcom Inc.Linux Kernel Organization, Inc
Product-linux_kernelraid_controller_web_interfaceLSI Storage Authority (LSA)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-44213
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.07% / 21.90%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:56
Updated-10 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsagentAcronis Cyber Protect Cloud AgentAcronis Cyber Protect 16
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-44214
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.47%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-20 Sep, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-4328
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

Action-Not Available
Vendor-Broadcom Inc.Linux Kernel Organization, Inc
Product-linux_kernelraid_controller_web_interfaceLSI Storage Authority (LSA)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-44210
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 19:53
Updated-19 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agentagent
CWE ID-CWE-862
Missing Authorization
CVE-2021-0155
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_e5-2650l_v4xeon_e7-4820_v4xeon_e5-1650_v4_firmwarexeon_e5-2603_v4_firmwarecore_i9-7900xxeon_d-2733nt_firmwarexeon_d-1548xeon_d-1622_firmwarecore_i7-7820x_firmwarexeon_d-1633nxeon_d-1527_firmwarexeon_d-1653nxeon_d-2173it_firmwarexeon_d-2145nt_firmwarexeon_d-1531_firmwarexeon_d-1633n_firmwarecore_i9-7920xxeon_e5-2637_v4core_i9-9960xxeon_d-1513n_firmwarecore_i9-7960x_firmwarexeon_d-1749nt_firmwarexeon_e7-4809_v4_firmwarexeon_e7-8867_v4xeon_e5-2630_v4_firmwarexeon_d-1557_firmwarecore_i7-7820xcore_i7-3970x_firmwarexeon_e5-2699r_v4_firmwarexeon_e5-4640_v4xeon_d-1747nte_firmwarexeon_d-2163it_firmwarecore_i5-7640xcore_i7-7800xxeon_d-1531xeon_d-1726_firmwarexeon_e7-8891_v4core_i9-9920xxeon_d-2146nt_firmwarexeon_d-1533n_firmwarexeon_e5-2650_v4_firmwarexeon_d-2177ntxeon_e5-2630l_v4_firmwarexeon_e7-8894_v4xeon_d-2786nte_firmwarexeon_d-1518_firmwarexeon_e5-4650_v4xeon_e5-2660_v4xeon_d-2775te_firmwarexeon_e5-2680_v4_firmwarexeon_d-1715ter_firmwarexeon_d-1571_firmwarecore_i7-6900k_firmwarexeon_e7-8893_v4_firmwarexeon_e5-4650_v4_firmwarexeon_e5-4627_v4core_i7-4940mxxeon_e5-4610_v4_firmwarexeon_e5-1630_v4core_i9-10920x_firmwarecore_i9-10940xxeon_d-2796texeon_d-1541_firmwarecore_i7-5820k_firmwarecore_i9-10900xxeon_d-1577_firmwarexeon_d-2142itxeon_d-1748texeon_e7-8891_v4_firmwarexeon_e5-2699r_v4xeon_d-2187ntxeon_d-2775texeon_e5-2640_v4_firmwarexeon_d-1518core_i7-9800xcore_i7-6800k_firmwarexeon_d-1726xeon_d-1735tr_firmwarexeon_e5-2648l_v4core_i7-3820_firmwarecore_i7-6950xxeon_e5-4620_v4xeon_d-2752nte_firmwarexeon_e7-8870_v4xeon_d-2796nt_firmwarexeon_e7-8880_v4_firmwarexeon_d-1637xeon_e5-4660_v4xeon_e5-2698_v4core_i7-3970xxeon_d-1539_firmwarecore_i7-3960xcore_i7-6800kxeon_d-1718txeon_d-2753nt_firmwarexeon_d-1602xeon_e5-4655_v4core_i7-4820kxeon_d-1533nxeon_d-1529_firmwarexeon_d-2799xeon_e5-4640_v4_firmwarexeon_d-1712trcore_i9-9940x_firmwarexeon_d-2145ntxeon_e5-2697a_v4xeon_d-1736_firmwarexeon_d-2173itxeon_d-2766ntxeon_d-2161ixeon_d-2163itxeon_e5-1620_v4xeon_e5-4669_v4core_i7-3930kxeon_d-2123itxeon_e5-2609_v4_firmwarexeon_d-1623ncore_i7-4960x_firmwarecore_i7-4820k_firmwarexeon_d-1521xeon_e5-2628l_v4xeon_d-1722nexeon_e5-2650_v4xeon_e7-4820_v4_firmwarexeon_d-2776ntcore_i7-3820xeon_d-2161i_firmwarexeon_e5-2687w_v4_firmwarexeon_d-1713nt_firmwarecore_i7-3940xmxeon_e5-4610_v4xeon_e5-2658_v4xeon_e5-1630_v4_firmwarexeon_e5-4620_v4_firmwarexeon_d-2786ntexeon_d-1537_firmwarexeon_d-2796te_firmwarecore_i7-3920xmxeon_d-2143itxeon_d-2753ntxeon_d-1540_firmwarexeon_e7-8890_v4_firmwarexeon_e5-2683_v4_firmwarecore_i7-5930k_firmwarexeon_d-1553n_firmwarexeon_e5-2695_v4core_i9-7980xe_firmwarexeon_d-2177nt_firmwarecore_i7-3940xm_firmwarecore_i7-3930k_firmwarecore_i9-10920xxeon_d-2798ntxeon_e5-2667_v4_firmwarexeon_d-1712tr_firmwarexeon_e7-8860_v4_firmwarecore_i7-6950x_firmwarexeon_e5-1660_v4_firmwarexeon_d-1739_firmwarexeon_d-1736xeon_d-2738xeon_d-1567_firmwarexeon_e5-2683_v4xeon_d-1733nt_firmwarexeon_d-1749ntcore_i9-9820x_firmwarexeon_d-2142it_firmwarexeon_d-1627xeon_d-2779_firmwarexeon_d-1602_firmwarexeon_d-2733ntxeon_d-1559_firmwarecore_i7-4930mx_firmwarexeon_d-1623n_firmwarexeon_d-1702xeon_d-1722ne_firmwarexeon_e5-2630l_v4xeon_e7-8893_v4xeon_e7-4830_v4xeon_e5-2699_v4_firmwarexeon_d-1528_firmwarexeon_e5-4669_v4_firmwarexeon_e5-4667_v4xeon_d-2795ntxeon_e5-4628l_v4xeon_d-1732te_firmwarecore_i5-7640x_firmwarexeon_d-2779xeon_d-1529xeon_e5-1650_v4core_i9-7960xcore_i7-5930kxeon_d-1715terxeon_d-1559core_i9-9820xxeon_d-1537xeon_d-1714xeon_e7-4850_v4xeon_d-1567xeon_e7-4850_v4_firmwarexeon_d-2141ixeon_d-1734nt_firmwarecore_i7-3920xm_firmwarexeon_d-2141i_firmwarecore_i7-6850k_firmwarecore_i7-3960x_firmwarexeon_e7-8880_v4xeon_d-2776nt_firmwarexeon_d-2752ntexeon_d-1734ntxeon_e5-2667_v4xeon_e5-2695_v4_firmwarexeon_e5-4655_v4_firmwarexeon_e5-2608l_v4_firmwarexeon_d-1649nxeon_e7-8890_v4xeon_e5-2609_v4xeon_d-1540xeon_d-1736nt_firmwarexeon_d-2712t_firmwarexeon_d-1513ncore_i7-9800x_firmwarexeon_d-2183itxeon_d-2123it_firmwarecore_i7-5960x_firmwarecore_i9-7940x_firmwarexeon_e5-2643_v4_firmwarexeon_d-1527core_i9-9940xxeon_e7-8860_v4xeon_d-2712txeon_d-1649n_firmwarexeon_e5-2690_v4core_i9-9980xe_firmwarexeon_e5-2650l_v4_firmwarecore_i9-9900xcore_i9-7940xxeon_e5-2699a_v4_firmwarecore_i9-7900x_firmwarexeon_e7-8870_v4_firmwarexeon_d-1523ncore_i9-9900x_firmwarexeon_e7-4830_v4_firmwarexeon_d-1748te_firmwarexeon_e5-4667_v4_firmwarexeon_e5-2618l_v4xeon_d-1520xeon_d-2187nt_firmwarecore_i7-7800x_firmwarexeon_e5-2699_v4xeon_e5-2603_v4xeon_d-2146ntxeon_d-1713ntxeon_d-1543nxeon_d-2752terxeon_d-1541xeon_d-1543n_firmwarexeon_e7-8867_v4_firmwarexeon_d-2799_firmwarexeon_d-1732texeon_d-1622xeon_d-1520_firmwarexeon_e5-2640_v4xeon_e5-4660_v4_firmwarexeon_e5-2680_v4xeon_e5-2697a_v4_firmwarecore_i7-7740xxeon_d-2795nt_firmwarexeon_d-1713nte_firmwarexeon_e5-2637_v4_firmwarexeon_e5-2660_v4_firmwarecore_i9-9920x_firmwarexeon_e5-2687w_v4core_i7-4930kcore_i9-10980xe_firmwarecore_i7-4960xcore_i7-5960xxeon_d-1521_firmwarecore_i7-5820kcore_i9-7920x_firmwarecore_i7-6900kcore_i9-9980xexeon_d-1557xeon_e5-2623_v4xeon_d-2796ntxeon_d-1713ntexeon_d-1739xeon_d-2752ter_firmwarexeon_d-1637_firmwarexeon_d-1577xeon_d-1735trxeon_d-2766nt_firmwarecore_i7-4930k_firmwarecore_i9-10980xexeon_e5-2690_v4_firmwarexeon_d-2166ntxeon_e5-2608l_v4xeon_e5-2697_v4xeon_d-1539xeon_e5-4627_v4_firmwarexeon_e5-2658_v4_firmwarexeon_d-1718t_firmwarexeon_e5-2648l_v4_firmwarexeon_e5-1680_v4_firmwarecore_i9-10900x_firmwarecore_i7-4930mxxeon_e5-2630_v4xeon_e7-4809_v4xeon_d-1746ter_firmwarexeon_e5-2620_v4xeon_d-2143it_firmwarexeon_e5-1660_v4xeon_e5-4628l_v4_firmwarexeon_e5-1680_v4xeon_d-1627_firmwarexeon_e5-2698_v4_firmwarexeon_d-1702_firmwarexeon_d-1733ntxeon_e5-2618l_v4_firmwarecore_i7-4940mx_firmwarexeon_d-1653n_firmwarexeon_e5-2623_v4_firmwarecore_i9-9960x_firmwarexeon_d-1736ntxeon_d-1553ncore_i9-10940x_firmwarexeon_d-2798nt_firmwarexeon_d-1747ntexeon_d-2166nt_firmwarexeon_e5-2699a_v4xeon_d-1523n_firmwarexeon_d-2183it_firmwarecore_i7-6850kxeon_e5-2643_v4xeon_e5-2628l_v4_firmwarecore_i9-7980xexeon_e7-8894_v4_firmwarexeon_e5-2697_v4_firmwarexeon_d-1548_firmwarexeon_d-1746terxeon_e5-1620_v4_firmwarexeon_d-1571xeon_d-1528xeon_d-2738_firmwarexeon_e5-2620_v4_firmwarecore_i7-7740x_firmwarexeon_d-1714_firmwareIntel(R) Processors
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-0171
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset_ac_3165amt_wi-fi_6_ax201proset_ac_9462amt_ac_9560_firmwareproset_ac_8265killer_wi-fi_6_ax1650amt_wi-fi_6_ax201_firmwareproset_ac_3165_firmwareamt_ac_8265_firmwareproset_ac_8260proset_ac_9461_firmwareproset_wi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210proset_wireless_7265_\(rev_d\)_firmwareamt_wi-fi_6_ax210_firmwareproset_wi-fi_6_ax200_firmwarekiller_wi-fi_6_ax1650_firmwareproset_wi-fi_6_ax200proset_ac_9461proset_ac_8260_firmwareamt_wi-fi_6_ax200amt_wi-fi_6_ax210amt_ac_8260_firmwareamt_ac_8260killer_ac_1550_firmwareamt_ac_9260_firmwareproset_ac_8265_firmwareproset_wireless_7265_\(rev_d\)proset_ac_9462_firmwareproset_wi-fi_6_ax201killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwareproset_ac_9260killer_wi-fi_6e_ax1675proset_ac_9560amt_wi-fi_6_ax200_firmwareamt_ac_9260proset_ac_9260_firmwareamt_ac_8265amt_ac_9560proset_ac_9560_firmwarekiller_ac_1550proset_ac_3168proset_ac_3168_firmwareIntel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11
CVE-2021-0145
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.36%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-core_i5-1145grexeon_w-1300core_i5-1135g7core_i7-11375hcore_i3-1115g4core_i5-11500hcore_i5-1035g4core_i5-11600tcore_i5-11400core_i5-11500tcore_i9-11900txeon_platinum_8368qxeon_platinum_8352vxeon_w-11865mrecore_i7-1060g7xeon_gold_5300core_i5-11600kxeon_platinum_8358xeon_e-2374gcore_i3-1120g4core_i5-1155g7core_i7-1160g7xeon_platinum_8353hcore_i7-1185grexeon_w-1370xeon_gold_6300xeon_platinum_8360xeon_e-2378core_i5-11260hxeon_platinum_8360ycore_i5-11400hcore_i3-1115g4exeon_e-2356gcore_i9-11900hceleron_6305ecore_i3-1110g4core_i7-1185g7exeon_platinum_8380hcore_i5-11320hxeon_e-2334xeon_w-1350core_i5-1130g7xeon_platinum_8354hxeon_e-2314core_i9-11900kfcore_i5-1035g1xeon_w-11865mlecore_i7-1180g7core_i7-11850hcore_i9-11900xeon_w-1370pxeon_w-1390pxeon_silver_4300core_i5-1035g7xeon_e-2388gxeon_w-11155mrecore_i7-11390hxeon_w-11855mcore_i5-11400tcore_i5-1145g7xeon_w-1390core_i7-11700kcore_i5-11400fxeon_w-11955mxeon_w-1350pcore_i3-1115grecore_i5-11600xeon_platinum_8358pcore_i7-11700fcore_i7-1185g7core_i3-11100hexeon_platinum_8362celeron_6600hepentium_gold_7505core_i7-11800hcore_i9-11980hkxeon_platinum_8360hlxeon_platinum_8380core_i9-11900fcore_i3-1125g4xeon_platinum_8321hcxeon_platinum_8368core_i5-1030g4xeon_e-2378gcore_i5-11500core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-11950hxeon_platinum_8380hlcore_i7-11700xeon_platinum_8352ycore_i3-1000g1xeon_platinum_8376hcore_i7-1195g7core_i5-11300hfas\/aff_biosxeon_platinum_8352mcore_i3-1005g1xeon_e-2386gcore_i7-1165g7core_i3-1000g4celeron_6305core_i7-11850hexeon_e-2324gxeon_platinum_8356hxeon_platinum_8376hlcore_i5-1145g7exeon_e-2336core_i5-1030g7xeon_platinum_8352sxeon_w-11555mlecore_i7-11700txeon_platinum_8360hxeon_w-1390tcore_i5-11600kfxeon_w-11155mlexeon_platinum_8351ncore_i7-11370hcore_i5-1140g7core_i7-11700kfIntel(R) Processors
CWE ID-CWE-665
Improper Initialization
CVE-2020-8696
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:02
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-xeon_platinum_8153xeon_platinum_8276lxeon_w-2223core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_platinum_9222xeon_w-3245mxeon_gold_6230txeon_e3-1235lcore_i3-8300tcore_i7-7660ucore_i7-6600uxeon_gold_6146pentium_4415ycore_i7-8706gcore_i3-6300xeon_gold_6126txeon_w-3225xeon_e-2236celeron_5305upentium_gold_g5420core_i7-9700kfxeon_gold_5115xeon_silver_4208rcore_i7-7640xxeon_gold_6136xeon_platinum_8170xeon_w-2125core_i9-10940xcore_i5-8400hceleron_g3940core_i5-6310ucore_i7-8700xeon_e3-1501lcore_i3-6300tcore_i3-6120core_i5-8400core_i5-7y54xeon_gold_6138core_i7-7700txeon_gold_6246core_i5-10210uxeon_w-2295xeon_platinum_8164core_i7-6770hqcore_i7-8700kxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_gold_6234solidfirepentium_gold_g5400txeon_e3-1268lcore_i7-8670xeon_w-2255core_i3-8145ucore_i5-10400hxeon_gold_5215mcore_i5-7442eqcore_i7-6822eqxeon_e-2134xeon_gold_5215core_i7-6700tecore_i3-7020uxeon_d-2143itxeon_gold_6262vcore_i3-8109upentium_g4500txeon_d-2163itxeon_platinum_8168core_i9-7920xxeon_e3-1515mcore_i7-7600uxeon_e-2224xeon_gold_5218core_i5-10110ycore_i3-7100exeon_silver_4109tcore_i7-10510yxeon_e-2278gexeon_gold_5215lcore_i3-10110uxeon_gold_6138fcore_m5-6y54xeon_gold_5122xeon_w-2245core_i5-6442eqcore_i5-6600kcore_i5-8420tcore_i9-7960xceleron_g3900core_i5-9600kcore_i7-7820xcore_i7-7700hqcore_i5-8400bxeon_platinum_8280mcore_i9-7980xexeon_silver_4114xeon_e3-1285pentium_g4420core_i7-7820hkcore_i3-8100hcore_i7-6870hqcore_i9-9940xceleron_g5305ucore_i5-8550pentium_g4500xeon_bronze_3104xeon_e-2184gxeon_gold_6240xeon_gold_6240lcore_i7-6970hqxeon_gold_6238lcore_i5-8350ucore_i3-6120tcore_i5-7500uxeon_platinum_8156core_i5-7300ucore_i5-8600xeon_e3-1225xeon_d-2173itceleron_g3930texeon_e-2136xeon_d-2123itcore_i7-10510ucore_i7-9700kxeon_e-2246gcore_i5-8500txeon_w-3265mcore_8269ucore_i5-7500celeron_3865ucore_i3-8100xeon_w-2265core_i5-6400xeon_e3-1545mcore_m7-6y75core_i5-7200uxeon_gold_6126fceleron_g4900tcore_m3-6y30pentium_g4540celeron_g3930efedoraxeon_gold_5218txeon_platinum_p-8124core_4205ucore_i9-8950hkxeon_gold_6150pentium_g4520core_i7-7700xeon_gold_5220rxeon_gold_6140pentium_4405ucore_i7-7920hqcore_i3-7102exeon_d-2146ntcore_i5-8600kxeon_platinum_8160fxeon_e-2254mlxeon_platinum_p-8136core_i5-8400txeon_e3-1220core_i7-8750hxeon_e3-1578lcore_i5-8365ucore_i9-10920xxeon_silver_4214ccore_i5-8420xeon_d-2187ntcore_i5-9600kfcore_i7-8670tcore_i7-6660ucore_i3-10100tepentium_4410ycore_i5-7600xeon_gold_6126xeon_e3-1240lcore_i9-7940xxeon_platinum_8160mceleron_3965ucore_i9-9960xxeon_d-2166ntxeon_e-2286mxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_w-2195core_i3-7100hxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i5-7400txeon_e-2276mlxeon_d-2183itxeon_e3-1535mxeon_silver_4116txeon_e-2244gxeon_e-2174gcore_i9-9900kxeon_e-2176gcore_i7-8809gclustered_data_ontapxeon_gold_6142fcore_i3-6320tcore_i5-7260ucore_i7-8700bcore_i7-8709gxeon_d-2145ntcore_i3-7120core_i5-6287uxeon_gold_6238xeon_gold_6130core_i5-7267umicrocodexeon_platinum_8260mcore_i7-7800xcore_i5-9400core_i9-9920xcore_i3-8100tpentium_4415uxeon_silver_4208core_i5-6500tcore_i5-6260uxeon_platinum_8260core_i3-7120tcore_i5-10210ycore_i7-8557ucore_i7-6560uxeon_w-2123pentium_g4420txeon_e3-1505lxeon_gold_5220sxeon_w-3275mcore_i7-8700txeon_platinum_9242core_i5-8300hxeon_gold_5215rxeon_platinum_9282core_i7-6820hqcore_i5-7400xeon_platinum_8280lxeon_silver_4110xeon_e3-1501mcore_i7-8650uxeon_bronze_3204xeon_gold_5119tcore_i5-6600xeon_silver_4108xeon_gold_6130tcore_i7-6700txeon_silver_4210core_i7-6920hqxeon_e3-1585pentium_gold_g5500tcore_i3-6100uxeon_e3-1565lxeon_gold_5217pentium_g4400texeon_gold_6230nxeon_platinum_8276mcore_i9-9800xxeon_w-3265xeon_gold_5218nxeon_e3-1260lxeon_bronze_3106xeon_gold_6138txeon_w-3245core_i7-9750hfxeon_gold_6238mceleron_g4920xeon_gold_5120core_i3-6167uxeon_e-2274gpentium_gold_g6405ucore_i5-8500bxeon_e-2124gxeon_e-2278gelxeon_e-2288gxeon_gold_5220xeon_platinum_8160txeon_e-2234core_i7-7740xxeon_silver_4214rcore_i7-6500ucore_i3-7110upentium_g4520txeon_gold_6254xeon_silver_4114tcore_i3-6320core_i3-8120celeron_g3902ecore_i5-9400fcore_i7-6700kxeon_e-2124core_i9-9880hcore_i3-8000core_i7-9850hcore_i5-7287uxeon_d-2141ixeon_gold_6154xeon_e3-1558ldebian_linuxcore_i3-7320tcore_i5-7440eqxeon_w-2175core_i7-8560uceleron_g3900thci_storage_node_biosxeon_platinum_8268core_i3-8000tceleron_g3920core_i5-6400tcore_i5-6300ucore_i3-7100uxeon_platinum_8176mxeon_e-2276mecore_i7-8565ucore_i3-7101texeon_gold_5222xeon_w-3275core_i5-7600kcore_m5-6y57core_i5-8250ucore_5405uxeon_e3-1245xeon_e-2126gcore_i5-7300hqcore_i7-7560uxeon_silver_4209txeon_silver_4116xeon_gold_6240mpentium_gold_g5420tcore_i7-7820eqcore_i3-6100hxeon_e3-1275xeon_gold_6252ncore_i5-8259uxeon_platinum_9221core_i5-7360uxeon_gold_6244core_i5-6500xeon_platinum_8160core_i3-7340xeon_gold_6248pentium_gold_g5500celeron_g5205uhcl_compute_nodexeon_silver_4216rcore_i5-6200uxeon_platinum_8280core_m3-8100ycore_i7-6700hqxeon_w-2235xeon_e-2186mxeon_gold_6148fcore_i5-6350hqxeon_e-2176mxeon_gold_6132xeon_gold_6240ycore_i7-6820hkcore_i5-7600txeon_platinum_8256xeon_gold_6152core_i9-9820xpentium_g4400xeon_platinum_8158xeon_w-2155core_i9-9900xcore_i7-7500ucore_i7-8550ucore_i5-10310yxeon_e-2224gxeon_w-2135xeon_e-2286gxeon_gold_6222vxeon_e-2284gcore_i3-6102exeon_platinum_8176xeon_e3-1505mxeon_gold_6242xeon_w-2145core_i5-6600tcore_i3-8020xeon_e-2226gecore_i7-6650ucore_i7-6510uxeon_gold_6142xeon_e-2278gxeon_platinum_8260yxeon_platinum_8270core_i5-9300hcore_i5-6210uxeon_e3-1240xeon_gold_6128xeon_silver_4215xeon_d-2142itxeon_platinum_8180mcore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-10610uxeon_gold_5118xeon_gold_6130fcore_i3-7167ucore_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567ucore_i7-6820eqxeon_gold_6134mcore_i9-10900xxeon_silver_4214core_i5-8650xeon_platinum_8276xeon_gold_6238txeon_d-2161ixeon_silver_4210rcore_i5-6500texeon_silver_4214ycore_i7-7820hqceleron_g3920tcore_i5-8210yxeon_gold_5218bcore_m3-7y30xeon_gold_6142mcore_i3-6100exeon_e3-1280celeron_3955uxeon_platinum_8176fxeon_e3-1575mcore_i7-8750hfxeon_e3-1230solidfire_bioshci_storage_nodeceleron_g4900pentium_4405ycore_i5-8200ycore_i7-6567upentium_gold_g5400hcl_compute_node_bioscore_i3-7101ecore_i3-6100core_i5-8310yxeon_w-2275core_i9-7900xcore_i5-7640xcore_i5-8500xeon_silver_4112xeon_w-3223core_i5-7440hqxeon_gold_6226core_i5-6360uxeon_e-2144gcore_i7-7510uxeon_gold_5120tcore_i7-8510ycore_i7-8569ucore_i5-8650kxeon_gold_6252xeon_gold_6134core_i5-8265uxeon_platinum_9220xeon_e-2254mecore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_w-3235core_i5-6267uceleron_3965ycore_i5-6440hqcore_i7-7y75celeron_g3900texeon_bronze_3206rxeon_w-2225xeon_w-2133core_i7-6700celeron_3855ucore_i5-7y57core_i3-8350kxeon_gold_6148core_i5-6440eqcore_i5-8600tcore_i5-7500txeon_gold_6144core_i5-8305gxeon_platinum_8260lcore_i9-9980hkcore_i7-8559uxeon_gold_6140mxeon_platinum_8170mxeon_e-2146gcore_i3-6100texeon_d-2177ntcore_i3-8130uxeon_platinum_8180xeon_e3-1270pentium_gold_g5600xeon_gold_5220txeon_e3-1585lIntel(R) Processors
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2020-8671
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-05 Oct, 2020 | 13:48
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7_9700kfcore_i7_9700core_i5_9600core_i5_9400tcore_i5_9400fcore_i3_8350kcore_i5_8400tcore_i3_9100fcore_i3_8300core_i3_9300tcore_i5_9600tcore_i9_9900kcore_i3_9100tcore_i7_9700fcore_i5_9600kcore_i3_9300core_i5_8600tcore_i7_8086kcore_i5_8500core_i7_8700kcore_i5_8500tcore_i9_9900kfcore_i9_9900tcore_i5_8600core_i5_9500fcore_i3_9320core_i7_8700tcore_i5_8400core_i5_9400celeron_4305uecore_i3_8100tcore_i9_9900celeron_4305ucore_i3_8300tcore_i9_9900kscore_i7_9700kcore_i3_9350kfcore_i5_9500celeron_4205ucore_i5_8600kcore_i5_9500tcore_i5_9600kfcore_i7_8700core_i3_9100core_i7_9700tcore_i3_8100bioscore_i3_9350kcore_i3_8100fIntel BIOS
CVE-2023-42776
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.8||LOW
EPSS-0.10% / 28.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-24 Oct, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-sgx_dcapIntel(R) SGX DCAP software for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-43614
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.43%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CWE ID-CWE-23
Relative Path Traversal
CVE-2020-8698
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:01
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Debian GNU/LinuxSiemens AGIntel CorporationFedora Project
Product-solidfire_bioshci_storage_nodecore_i5-1030g7core_i3-1000g4core_i7-1060g7simatic_ipc677ecore_i5-1035g1hci_compute_nodecore_i7-1160g7core_i5-1035g7core_i5-1135g7core_i3-1000g1clustered_data_ontapsimatic_ipc647e_firmwarefedorasimatic_ipc627e_firmwarecore_i7-1185g7simatic_field_pg_m6_firmwaresimatic_ipc477esimatic_ipc627ecore_i7-1165g7simatic_field_pg_m5simatic_ipc847e_firmwaresimatic_itp1000microcodecore_i3-1115g4core_i5-1030g4simatic_ipc477e_firmwarehci_compute_node_biossimatic_ipc427e_firmwarecore_i3-1110g4simatic_ipc847esimatic_ipc427ecore_i3-1005g1simatic_field_pg_m6simatic_ipc477e_prosimatic_field_pg_m5_firmwaresolidfiresimatic_ipc477e_pro_firmwaresimatic_ipc677e_firmwaredebian_linuxsimatic_itp1000_firmwarecore_i7-1065g7core_i5-1035g4core_i5-1130g7hci_storage_node_biossimatic_ipc647ecore_i3-1120g4core_i3-1125g4Intel(R) Processors
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-41750
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.08% / 24.40%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:18
Updated-26 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2024-0340
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:36
Updated-30 Jul, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9.4 Extended Update Support
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-41745
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 6.29%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 17:16
Updated-27 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectlinux_kernelwindowsmacosagentAcronis AgentAcronis Cyber Protect 15
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-6105
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.17%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 20:57
Updated-13 Feb, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ManageEngine Information Disclosure in Multiple Products

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationZoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_endpoint_central_mspmanageengine_endpoint_centralmanageengine_recoverymanager_plusmanageengine_access_manager_plusmanageengine_application_control_plusmanageengine_admanager_plusmanageengine_netflow_analyzermanageengine_firewall_analyzermanageengine_m365_security_pluswindowsmanageengine_exchange_reporter_plusmanageengine_assetexplorermanageengine_log360_uebamanageengine_oputilsmanageengine_supportcenter_plusmanageengine_sharepoint_manager_plusmanageengine_appcreatormanageengine_device_control_plusmanageengine_servicedesk_plusmanageengine_datasecurity_plusmanageengine_secure_gateway_servermanageengine_patch_manager_pluslinux_kernelmanageengine_m365_manager_plusmanageengine_pam360manageengine_analytics_plusmanageengine_browser_security_plusmanageengine_opmanagermanageengine_endpoint_dlp_plusmanageengine_network_configuration_managermanageengine_remote_monitoring_and_managementmanageengine_remote_access_plusmanageengine_mobile_device_manager_plusmanageengine_patch_connect_plusmanageengine_os_deployermanageengine_adaudit_plusmanageengine_password_manager_promanageengine_vulnerability_manager_plusmanageengine_adselfservice_plusmanageengine_cloud_security_plusmanageengine_servicedesk_plus_mspAccess Manager PlusService Desk PlusAsset Explorer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 02:29
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-19338
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 16:04
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelLinux Kernel
CWE ID-CWE-385
Covert Timing Channel
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-52636
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 07:01
Updated-04 May, 2025 | 07:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libceph: just wait for more data to be available on the socket

In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes all read_partial_*() handlers, including read_partial_sparse_msg_data(). The expectation is that read_partial_sparse_msg_data() would bail, allowing the messenger to invoke read_partial() for the footer and pick up where it left off. However read_partial_sparse_msg_data() violates that and ends up calling into the state machine in the OSD client. The sparse-read state machine assumes that it's a new op and interprets some piece of the footer as the sparse-read header and returns bogus extents/data length, etc. To determine whether read_partial_sparse_msg_data() should bail, let's reuse cursor->total_resid. Because once it reaches to zero that means all the extents and data have been successfully received in last read, else it could break out when partially reading any of the extents and data. And then osd_sparse_read() could continue where it left off. [ idryomov: changelog ]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CVE-2023-52500
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.81%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-04 May, 2025 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CVE-2019-17445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 17:18
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.

Action-Not Available
Vendor-eracentn/aLinux Kernel Organization, Inc
Product-eua_agentlinux_kerneleda_agentsum_agentepa_agentepm_agentflw_agentn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-50431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 00:00
Updated-30 May, 2025 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2023-50945
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 15:43
Updated-11 Mar, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixcommon_licensinglinux_kernelwindowsCommon Licensing
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-1440
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 81.10%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1472
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 81.10%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-14590
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.51%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupsteelstore_cloud_integrated_storagesolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllerdata_availability_services2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-1436
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 81.10%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38023
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-30 Dec, 2023 | 00:00
Updated-20 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."

Action-Not Available
Vendor-scontainn/aIntel Corporation
Product-software_guard_extensionssconen/a
CVE-2023-36907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.03% / 88.02%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2019-1412
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 69.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.66% / 85.19%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2019-1400
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.65% / 81.28%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:40
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1381
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1334
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 81.10%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1402
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.13% / 83.47%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365officeMicrosoft OfficeOffice 365 ProPlus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found