Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-43477

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-14 Nov, 2023 | 19:04
Updated At-30 Aug, 2024 | 16:07
Rejected At-
Credits

Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:14 Nov, 2023 | 19:04
Updated At:30 Aug, 2024 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)

Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Affected Products
Vendor
n/a
Product
Intel Unison software
Default Status
unaffected
Versions
Affected
  • See references
Problem Types
TypeCWE IDDescription
N/AN/Ainformation disclosure
CWECWE-459Incomplete cleanup
Type: N/A
CWE ID: N/A
Description: information disclosure
Type: CWE
CWE ID: CWE-459
Description: Incomplete cleanup
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:14 Nov, 2023 | 19:15
Updated At:17 Nov, 2023 | 03:59

Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>unison_software>>Versions before 20.14.5683.0(exclusive)
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>unison_software>>Versions before 20.14.4244(exclusive)
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>-
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>unison_software>>Versions before 20.14.2.3053(exclusive)
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-459Primarynvd@nist.gov
CWE-459Secondarysecure@intel.com
CWE ID: CWE-459
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-459
Type: Secondary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.htmlsecure@intel.com
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1756Records found
CVE-2022-40974
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-1.8||LOW
EPSS-0.06% / 20.18%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-integrated_performance_primitives_cryptographyIntel(R) IPP Cryptography software
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-21166
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.28%
||
7 Day CHG+0.01%
Published-15 Jun, 2022 | 20:03
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aXen ProjectVMware (Broadcom Inc.)Debian GNU/LinuxIntel CorporationFedora Project
Product-esxidebian_linuxsgx_dcapsgx_pswsgx_sdkfedoraxenIntel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-21125
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.94%
||
7 Day CHG+0.01%
Published-15 Jun, 2022 | 20:01
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aXen ProjectVMware (Broadcom Inc.)Debian GNU/LinuxIntel CorporationFedora Project
Product-esxidebian_linuxsgx_dcapsgx_pswsgx_sdkfedoraxenIntel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-8730
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 30.91%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-21127
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.31%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 20:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aXen ProjectDebian GNU/LinuxIntel Corporation
Product-debian_linuxsgx_dcapsgx_pswsgx_sdkxenIntel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-21123
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 54.80%
||
7 Day CHG+0.01%
Published-15 Jun, 2022 | 19:59
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aXen ProjectVMware (Broadcom Inc.)Debian GNU/LinuxIntel CorporationFedora Project
Product-esxidebian_linuxsgx_dcapsgx_pswsgx_sdkfedoraxenIntel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2020-0543
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.38%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationMcAfee, LLCSiemens AGFedora ProjectopenSUSECanonical Ltd.
Product-celeron_2957uxeon_e3-1230_v5xeon_e3-1558l_v5core_i3-6300core_i7-4790tcore_m-5y3core_i7-5775rceleron_5305ucore_i7-4765tcore_i3-4025ucore_i7-9700kfcore_i7-4785tcore_i5-8400hceleron_g3940core_i3-4120ucore_i5-7y54core_i3-3250core_i5-4440simatic_ipc547g_firmwarecore_i5-3470score_i3-2115cxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_e3-1226_v3xeon_e3-1280_v5xeon_e3-1265l_v2core_i7-8670pentium_a1018_v2core_i3-8145ucore_i7-6822eqcore_i5-4258ucore_i7-6700tecore_i3-7020ucore_i7-4770rxeon_e3-1501l_v6core_i3-8109ucore_i5-4260ucore_i7-7600ucore_i5-4670kxeon_e-2224core_i5-10110ycore_i7-3770celeron_g1830core_i3-7100ecore_i7-4770pentium_g3258xeon_e3-1505l_v6xeon_e-2278gecore_m5-6y54simatic_field_pg_m6_firmwaresimatic_ipc427d_firmwarecore_i5-4690tcore_i5-6600kcore_4415ycore_i5-5675ccore_i3-4360core_i7-4600uceleron_1020ecore_i5-8400bsimatic_ipc427e_firmwaresimatic_ipc647d_firmwarecore_i7-4980hqcore_i7-4710hqcore_i5-5250upentium_g4420celeron_1020mcore_i7-7820hkcore_i3-i3-8100hcore_i7-5850hqcore_i3-4170core_m-5y10ccore_i5-8550core_i3-4160txeon_e-2184gcore_i7-6970hqcore_i5-3340mxeon_e3-1265l_v4core_i3-6120tcore_i5-7500ucore_i5-8600celeron_g3930tecore_i5-3317uxeon_e-2136core_i7-10510ucore_i7-9700kceleron_3865ucore_i3-8100simatic_ipc527gpentium_g3460tcore_m7-6y75core_i3-3220pentium_g3440celeron_g4900tcore_m3-6y30core_i5-4570rfedorasimatic_ipc477d_firmwarecore_4205uxeon_e3-1535m_v5simatic_ipc527g_firmwarecore_i7-7700core_m-5y10simatic_field_pg_m5core_i3-7102ecore_i7-4712hqxeon_e3-1268l_v5celeron_2955ucore_i5-8600ksimatic_ipc477e_firmwarecore_i5-3550simatic_field_pg_m6core_i7-8750hxeon_e3-1501m_v6core_i5-8365usimatic_ipc827dcore_i5-4278ucore_i5-9600kfceleron_927ueceleron_g4930core_i5-7600core_i3-3227ucore_i5-3437upentium_g5400tcore_i5-4460xeon_e3-1270_v6core_i7-3920xmpentium_g2120_v2pentium_g3220xeon_e-2286mxeon_e3-1505m_v5pentium_g2020t_v2core_i3-5006upentium_3560mpentium_3561ycore_i7-5650uxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i3-5005ucore_i5-7400tsimatic_ipc627dcore_i3-5020upentium_g3440txeon_e-2174gcore_i7-8809gxeon_e3-1105ccore_i5-5257ucore_i5-7260ucore_i7-8700bcore_m-5y70xeon_e3-1280_v2xeon_e3-1220_v2simotion_p320-4s_firmwarecore_i7-3612qepentium_g5420tcore_i5-4440score_i5-7267upentium_g3430core_i5-7y57_xeon_e3-1585_v5core_i5-10210ycore_i5-4402ecceleron_2970mcore_i7-6560upentium_g4420tpentium_g3460simatic_ipc477e_pro_firmwarecore_i5-8300hcore_i3-4020ycore_i3-4160pentium_3558ucore_i3-3229ycore_i7-5600uxeon_e3-1280_v3xeon_e3-1285_v3core_i5-3450pentium_3805ucore_4410yxeon_e3-1281_v3simatic_ipc647e_firmwarecore_i7-3632qmxeon_e3-1240l_v3pentium_gold_6405uceleron_g4920core_i3-6167uxeon_e-2274gcore_i7-3517uceleron_g1820xeon_e-2278gelcore_i5-3570xeon_e3-1270_v2xeon_e3-1280_v6xeon_e3-1225_v3core_i5-5200usimatic_ipc347e_firmwarecore_i7-7740xpentium_1405_v2core_i7-6500ucore_i3-3240tcore_i3-7110ucore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287uxeon_e3-1275_v3simotion_p320-4ecore_i7-3940xmcore_i7-4950hqcore_i7-3740qmceleron_1047uecore_i5-6300ucore_i7-4700hqxeon_e-2276mecore_i7-8565uxeon_e3-1125ccore_i7-4770hqcore_i7-4910mqceleron_1019ycore_i5-7300hqcore_i7-7560uxeon_e3-1271_v3core_i3-6100hxeon_e3-1535m_v6simatic_ipc827d_firmwarecore_i5-8259uxeon_e3-1220_v5core_i7-4860hqcore_i7-3770kceleron_3765usimatic_ipc847ecore_i5-4300ucore_i3-3130msimatic_ipc427ecore_i7-6700hqpentium_2127u_v2simatic_ipc427dpentium_3665ucore_i3-3217uecore_i7-4850hqpentium_g3260core_i3-3240simotion_p320-4score_i5-6350hqpentium_3215ucore_i3-4150core_i5-7600tpentium_g2030_v2simatic_ipc3000_smartcore_i5-3360msimatic_ipc547ecore_i7-4702mqcore_i3-4100ucore_i5-4220ypentium_g3240xeon_e3-1258l_v4core_i7-7500ucore_i7-8550uubuntu_linuxxeon_e-2224gthreat_intelligence_exchange_servercore_i7-3687ucore_i7-4558ucore_i7-4550ucore_i7-4770sxeon_e-2226gecore_i7-6650ucore_i3-4340core_i3-4005ucore_m-5y71core_i5-6210ucore_i7-3612qmpentium_g5420pentium_g2140_v2core_i3-7167uceleron_g1620core_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567uleapcore_i7-5557ucore_i7-4960hqxeon_e3-1286_v3core_i5-4308upentium_g2020_v2celeron_3755ucore_i7-4710mqxeon_e3-1230_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarecore_i7-7820hqpentium_g5500txeon_e3-1585l_v5celeron_g3920tcore_i5-8210ycore_i7-3520mpentium_b915ccore_i3-6100eceleron_2980uceleron_3955ucore_i5-4210uxeon_e3-1275_v5xeon_e3-1221_v3xeon_e3-1240_v5xeon_e3-1230l_v3core_i7-6567usimatic_ipc677ecore_i7-5775ccore_i3-7101ecore_i7-3770txeon_e3-1515m_v5xeon_e3-1225_v5core_i5-8500core_i7-3635qmcore_9300hcore_i7-4790score_i7-7510ucore_i5-4570score_i7-8510ycore_i3-4350tceleron_g1610tcore_i5-8265upentium_3765ucore_i7-5700eqcore_i3-4012ycore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_e-2254mesimatic_field_pg_m4core_i5-6440hqcore_i7-7y75core_i7-4702eccore_i7-6700xeon_e3-1220_v3core_i3-8350kcore_i5-3337ucore_i5-7500txeon_e3-1505m_v6core_i5-3470core_i7-3689ycore_i7-7700kcore_i7-8705gpentium_g3450core_i7-8665uxeon_e-2276mcore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1220l_v2core_i3-4330core_i3-4170txeon_e3-1565l_v5xeon_e-2236core_i7-3537ucore_i7-4500uxeon_e3-1240_v6core_i5-6310ucore_i7-8700pentium_g3260tceleron_2981ucore_i3-6300tcore_i5-3330core_i3-6120core_i5-8400pentium_g3250tcore_i5-3380mcore_i7-3517uecore_i7-3720qmcore_i7-7700tcore_i5-10210ucore_i5-4350upentium_2030m_v2core_i7-6770hqcore_i7-8700kxeon_e3-1268l_v3core_m-5y10asimatic_ipc347ecore_i7-5850eqcore_i7-4578ucore_i5-7442eqxeon_e-2134pentium_2129y_v2core_i5-3550score_i3-4130tpentium_g4500tcore_i3-3220tcore_i7-4771core_i5-4590sxeon_e3-1285_v6core_i7-3667uceleron_725cxeon_e3-1278l_v4core_i3-3120mcore_i5-4250uxeon_e3-1220l_v3xeon_e3-1225_v6core_i3-4100msimatic_ipc847dcore_i7-10510yxeon_e3-1240l_v5core_i7-4722hqcore_i5-4430ssimatic_ipc477ecore_i5-6442eqcore_i7-4790simatic_field_pg_m4_firmwarecore_i5-8420tceleron_g3900core_i5-9600kxeon_e3-1290_v2pentium_3205uxeon_e3-1286l_v3xeon_e3-1125c_v2core_i5-3340core_i7-7700hqpentium_g5600core_i7-3540mxeon_e3-1245_v3core_i7-3610qecore_i3-8100hxeon_e3-1245_v5core_i7-6870hqxeon_e3-1230_v2pentium_3556upentium_g4500celeron_1005mcore_i5-4210hcore_i5-3330spentium_g3220tcore_i5-8350ucore_i7-4800mqcore_i3-4010ycore_i7-4750hqcore_i5-7300upentium_2117u_v2xeon_e3-1240_v2xeon_e-2246gcore_i5-8500tcore_8269ucore_i5-7500core_i5-4670rcore_i3-4110mcore_i5-4670tcore_i5-3610mecore_i5-4690core_i7-4700eqcore_i3-4370tcore_i5-6400pentium_3825upentium_b925cxeon_e3-1241_v3simatic_ipc677dcore_i5-3427ucore_i5-7200upentium_g4540core_i5-3570spentium_g2030t_v2celeron_g1820tceleron_g3930esimatic_ipc847e_firmwarecore_i7-4702hqcore_i9-8950hkpentium_g4520core_i7-3820qmpentium_4405ucore_i5-5350core_i7-7920hqxeon_e-2254mlxeon_e3-1545m_v5core_i5-8400tcore_i3-5015ucore_i5-4590simatic_ipc477e_procore_i3-4158ucore_m-5y51core_i5-8420core_i7-8670txeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5celeron_3965ucore_i7-4720hqcore_i7-5500uxeon_e3-1260l_v5simatic_ipc647ecore_i7-3840qm_core_i5-4570xeon_e3-1246_v3core_i3-7100hceleron_g1840core_i3-3245core_i3-4370xeon_e3-1265lxeon_e3-1235_v2core_i7-4610yxeon_e-2276mlxeon_e-2244gceleron_1037ucore_i9-9900kxeon_e-2176gcore_i5-4460txeon_e3-1275l_v3simatic_ipc3000_smart_firmwarecore_i3-4350celeron_g1630core_i3-6320tcore_i5-3320mcore_i5-4670core_i3-7120core_i7-8709gsimatic_ipc627ecore_i5-6287ucore_i5-4210ycore_i7-4712mqcore_i5-9400core_i3-8100tpentium_4415ucore_i7-4510ucore_i7-5950hqcore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-8557ucore_i7-5550uxeon_e3-1245_v2simatic_ipc547gceleron_g1610core_i7-8700tcore_i3-4150tcore_i7-4770kcore_i3-4030ucore_i7-6820hqcore_i5-7400core_i7-8650ucore_i7-3615qmcore_i5-4200ucore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-3115ccore_i3-6100uxeon_e3-1230_v6core_i3-4330tpentium_g4400tecore_i3-3110mcore_i5-4670sxeon_e3-1276_v3simatic_ipc627e_firmwarecore_i5-8500bxeon_e-2124gcore_i5-5575rxeon_e3-1231_v3core_i5-3230msimotion_p320-4e_firmwarexeon_e-2288gcore_i5-3475sxeon_e-2234core_i7-4900mqpentium_g4520tcore_i3-6320core_i5-9400fcore_i7-6700kcore_i3-8000core_i7-9850hpentium_3560ycore_i3-7320tcore_i5-7440eqceleron_1007ucore_i7-8560uceleron_g3900tcore_i7-3770score_i5-4690score_i3-8000tceleron_g3920core_i5-6400tpentium_g2130_v2core_i3-7100uceleron_g1850core_i5-5287ucore_i3-7101tesimatic_ipc677d_firmwarecore_i5-3570txeon_e3-1105c_v2core_i5-7600kcore_m5-6y57core_i5-8250upentium_g2010_v2core_5405usimatic_ipc547e_firmwarexeon_e-2126gcore_i5-3340score_i3-4130core_i7-7820eqcore_i5-3570kceleron_g1840tcore_i5-4300ycore_i5-7360uxeon_e3-1240_v3core_i7-4700mqcore_i5-6500core_i3-7340celeron_1017ucore_9750hfcore_i3-5157uxeon_e3-1220_v6core_i5-6200ucore_i5-3339ycore_m3-8100ysimatic_ipc477dcore_i5-5675rxeon_e3-1225_v2xeon_e-2186mcore_i3-4030ysimatic_itp1000_firmwarexeon_e-2176mxeon_e3-1285_v4core_i3-3250tcore_i7-6820hkpentium_g3420pentium_g3420tpentium_g4400core_i3-3120mecore_i5-4570tcore_i5-10310ycore_i7-3615qecore_i7-3630qmxeon_e-2284gcore_i3-6102ecore_i3-3210core_i5-6600tcore_i5-4430core_i3-8020core_i5-3439ycore_i7-4810mqxeon_e3-1275_v6core_i7-6510uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i3-4010ucore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-4650ucore_i7-3555lecore_i7-4760hqsimatic_itp1000core_i5-5350ucore_i7-4700eccore_i7-6820eqcore_i7-3610qmcore_i7-4770tcore_i5-8650simatic_ipc647dcore_i5-6500texeon_e3-1235l_v5core_i7-5700hqcore_m3-7y30xeon_e3-1285l_v3core_i5-4202ycore_i5-4302yceleron_g4950celeron_1000mcore_i3-4360tpentium_g2120t_v2core_i3-3225celeron_g4900pentium_4405ycore_i3-3217ucore_i3-5010upentium_g5500xeon_e3-1275_v2core_i5-8200ycore_i3-6100core_i5-4460score_i5-8310ycore_i5-7640xpentium_g3450tsimatic_ipc627d_firmwareceleron_g1620tcore_i5-7440hqcore_i5-6360uxeon_e-2144gcore_i7-8569ucore_i5-8650kcore_i5-3470tcore_i7-5750hqcore_i5-4590tcore_i5-6267ucore_i5-3350pcore_i5-4288uceleron_3965ypentium_g3470core_i5-3450sceleron_g3900tepentium_g3240tcore_i5-3210mceleron_3855usimatic_ipc677e_firmwarecore_i5-6440eqcore_i5-4200ycore_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-4870hqcore_i7-8559upentium_g2100t_v2xeon_e-2146gcore_i3-6100tepentium_g3250core_i3-8130upentium_g5400pentium_2020m_v2xeon_e3-1270Intel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2020-0258
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.98%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:32
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-459
Incomplete Cleanup
CVE-2024-56812
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:47
Updated-07 Jul, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX information disclosure

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-56811
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:48
Updated-07 Jul, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX information disclosure

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-4688
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:26
Updated-26 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-56493
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:47
Updated-07 Jul, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX information disclosure

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-54526
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.57%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:57
Updated-16 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CVE-2024-54507
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 27.45%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 21:46
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-54469
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:11
Updated-14 Mar, 2025 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osvisionosipadosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-54531
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.87%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-16 Dec, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-54484
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.64%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:59
Updated-13 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-54527
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.87%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-16 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CVE-2024-54477
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-13 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54513
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-13 Dec, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacoswatchOSmacOSvisionOStvOSiOS and iPadOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-54504
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.87%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54541
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosvisionosipadosmacOSiOS and iPadOStvOSvisionOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54476
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-19 Dec, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20399
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 19:15
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-20307
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.57%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:23
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-198782887

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-21140
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.32%
||
7 Day CHG-0.01%
Published-18 Aug, 2022 | 19:43
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-wireless_7265_\(rev_d\)_firmwarewi-fi_6e_ax411_firmwarewireless-ac_9461wireless-ac_9560_firmwarewireless-ac_9260_firmwarewi-fi_6e_ax211_firmwaredual_band_wireless-ac_3168killer_wi-fi_6_ax1650dual_band_wireless-ac_3165_firmwarewi-fi_6_ax200_firmwarewi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210dual_band_wireless-ac_8265killer_wi-fi_6_ax1650_firmwarewireless-ac_9462dual_band_wireless-ac_3165wireless-ac_9462_firmwarewireless_7265_\(rev_d\)wi-fi_6_ax200dual_band_wireless-ac_3168_firmwarekiller_wi-fi_6e_ax1690_firmwarewireless-ac_9260killer_ac_1550_firmwaredual_band_wireless-ac_8260_firmwarewi-fi_6e_ax411killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwarekiller_wi-fi_6e_ax1675killer_wi-fi_6e_ax1690dual_band_wireless-ac_8260dual_band_wireless-ac_8265_firmwarewi-fi_6_ax201wireless-ac_9461_firmwarewireless-ac_9560killer_ac_1550wi-fi_6e_ax211Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products
CVE-2022-20552
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.74%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2024-49733
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-4905
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.

Action-Not Available
Vendor-Apple Inc.VMware (Broadcom Inc.)
Product-workstation_proworkstation_playerfusion_proesxifusionmac_os_xESXiFusion Pro / FusionWorkstation Pro / Player
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-1018
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194110891

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-2197
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:34
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-138529441

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2024-44135
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.94%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43227
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 65.45%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-01 Oct, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Information Disclosure Vulnerability

Storage Spaces Controller Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019
CVE-2019-2183
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.45%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:23
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-43235
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Information Disclosure Vulnerability

Storage Spaces Controller Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019
CVE-2020-17004
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.56%
||
7 Day CHG-0.01%
Published-11 Nov, 2020 | 06:47
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Information Disclosure Vulnerability

Windows Graphics Component Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2021-43224
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-14.95% / 94.28%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Information Disclosure Vulnerability

Windows Common Log File System Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-43243
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VP9 Video Extensions Information Disclosure Vulnerability

VP9 Video Extensions Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-vp9_video_extensionsVP9 Video Extensions
CVE-2024-44278
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-11 Dec, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadosvisionosmacosvisionOSwatchOSmacOSiOS and iPadOS
CVE-2021-41023
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:26
Updated-25 Oct, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortinet FortiSIEMWindowsAgent
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-16854
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.75% / 72.09%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 10 Version 1709Windows 10 Version 1909Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2024-44205
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.60%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 16:40
Updated-05 Nov, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-44166
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-44186
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.09%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-44129
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.08%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-18 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-41374
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.32% / 54.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-01 Oct, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Information Disclosure Vulnerability

Azure Sphere Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CVE-2024-44099
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-28 Oct, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44254
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-30 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadoswatchoswatchOSmacOSiOS and iPadOS
CVE-2024-44190
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-17 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-16985
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.48% / 64.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:47
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Information Disclosure Vulnerability

Azure Sphere Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CWE ID-CWE-908
Use of Uninitialized Resource
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 35
  • 36
  • Next
Details not found