Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28514

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-19 May, 2023 | 14:43
Updated At-12 Feb, 2025 | 16:45
Rejected At-
Credits

IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:19 May, 2023 | 14:43
Updated At:12 Feb, 2025 | 16:45
Rejected At:
â–¼CVE Numbering Authority (CNA)
IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Affected Products
Vendor
IBM CorporationIBM
Product
MQ
Default Status
unaffected
Versions
Affected
  • 8.0, 9.0 LTS, 9.0 CD, 9.1 LTS
Problem Types
TypeCWE IDDescription
CWECWE-209CWE-209 Generation of Error Message Containing Sensitive Information
Type: CWE
CWE ID: CWE-209
Description: CWE-209 Generation of Error Message Containing Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6985835
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/250398
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/6985835
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/250398
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6985835
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/250398
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6985835
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/250398
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:19 May, 2023 | 15:15
Updated At:26 May, 2023 | 15:42

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
HP Inc.
hp
>>hp-ux>>-
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>i>>-
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>-
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>mq>>8.0.0.0
cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>mq>>9.0.0.0
cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*
IBM Corporation
ibm
>>mq>>9.1.0
cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*
IBM Corporation
ibm
>>mq>>9.1.0.0
cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
Weaknesses
CWE IDTypeSource
CWE-209Primarypsirt@us.ibm.com
CWE ID: CWE-209
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/250398psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6985835psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/250398
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6985835
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

960Records found
CVE-2026-20838
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_25h2windows_server_2022_23h2windows_server_2025windows_11_24h2windows_11_23h2windows_server_2022Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 Version 25H2
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-35640
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 23:05
Updated-19 Oct, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-52896
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.20%
||
7 Day CHG+0.02%
Published-19 Dec, 2024 | 17:01
Updated-19 Aug, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-mqlinux_kernelwindowslinux_on_ibm_zMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-52898
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 20.35%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 16:49
Updated-03 Jul, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncIBM Corporation
Product-linux_kernellinux_on_ibm_zwindowsmqMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-55676
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.71%
||
7 Day CHG+0.04%
Published-14 Oct, 2025 | 17:00
Updated-13 Feb, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows USB Video Class System Driver Information Disclosure Vulnerability

Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows 11 Version 25H2Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-53803
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1607windows_10_21h2windows_11_23h2windows_server_2012windows_server_2016windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-47381
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:03
Updated-25 Sep, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASoC: SOF: Fix DSP oops stack dump output contents

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-4619
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.69%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxmq_appliancewindowswebsphere_mqmqaixMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-4420
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.

Action-Not Available
Vendor-IBM Corporation
Product-intelligent_operations_center_for_emergency_managementwater_operations_for_waternamicsintelligent_operations_centerIntelligent Operations Center
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-56812
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.02% / 5.64%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:47
Updated-07 Jul, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX information disclosure

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-52897
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.20%
||
7 Day CHG+0.02%
Published-19 Dec, 2024 | 17:18
Updated-19 Aug, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-mqlinux_kernelwindowslinux_on_ibm_zMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-39.09% / 97.17%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-0755
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2021-31955
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.65% / 89.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-30 Oct, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1909windows_10_21h1windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows Server version 2004Windows
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2021-31829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 15:43
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-31821
Matching Score-8
Assigner-Octopus Deploy
ShareView Details
Matching Score-8
Assigner-Octopus Deploy
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 05:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image

Action-Not Available
Vendor-Microsoft CorporationOctopus Deploy Pty. Ltd.
Product-windowstentacleOctopus Tentacle
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-32553
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-12 Jun, 2021 | 03:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport read_file() function could follow maliciously constructed symbolic links

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkapport
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2008-3893
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.82% / 74.00%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-03 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 60.31%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Information Disclosure Vulnerability

Windows Bind Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CVE-2021-31972
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 61.70%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event Tracing for Windows Information Disclosure Vulnerability

Event Tracing for Windows Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-35831
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 70.22%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:41
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows 11 version 21H2Windows 10 Version 20H2Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2016Windows Server 2012 R2Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 8.1Windows Server 2016 (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows Server 2019
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0744
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.04% / 77.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-21222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.04%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-13 Feb, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_server_2022_23h2windows_10_1607windows_server_2019Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-20932
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_server_2019windows_server_2022_23h2windows_11_23h2windows_10_22h2windows_10_1607windows_11_25h2windows_server_2016windows_11_24h2windows_10_1809windows_server_2022windows_10_21h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 11 Version 25H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31184
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.39% / 84.71%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2026-20818
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2025windows_server_2019windows_server_2022Windows Server 2025Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-35758
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.76%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 18:07
Updated-02 Jan, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_10_1507windows_server_20h2windows_rt_8.1windows_11_21h2windows_7windows_10_20h2windows_server_2022windows_10_21h1windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2026-20862
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Management Services Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-20823
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 11 Version 25H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-20819
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows 11 Version 25H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2016-2383
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelleapubuntu_linuxn/a
CVE-2026-20829
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TPM Trustlet Information Disclosure Vulnerability

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-0985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 16:21
Updated-30 Sep, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
CVE-2026-20827
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 11 Version 25H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-35719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 16:45
Updated-25 Apr, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-mq_internet_pass-thruMQ Internet Pass-Thru
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-35720
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.3||LOW
EPSS-0.03% / 8.45%
||
7 Day CHG+0.02%
Published-08 Feb, 2023 | 18:24
Updated-25 Mar, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-sterling_external_authentication_serverlinux_kernelsterling_secure_proxylinux_on_ibm_zwindowsaixSterling Secure ProxySterling External Authentication Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-20835
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_25h2windows_11_24h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 25H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20935
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:57
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_11_25h2Windows 11 Version 24H2Windows 11 Version 25H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2026-20821
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0371
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.21%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.Apple Inc.IBM CorporationMicrosoft Corporation
Product-tivoli_storage_manageraixsolarismac_os_xlinux_kernelhp-uxwindowsTivoli Storage Manager
CVE-2021-31191
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 61.12%
||
7 Day CHG+0.01%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2015-9289
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.53%
||
7 Day CHG~0.00%
Published-27 Jul, 2019 | 21:38
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20851
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows 11 Version 25H2Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 66.19%
||
7 Day CHG+0.02%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office 2016Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31188
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.14% / 78.09%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2026-20833
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Information Disclosure Vulnerability

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2025windows_server_2019windows_server_2008windows_server_2022windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-20805
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-7.21% / 91.41%
||
7 Day CHG+0.94%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Desktop Window Manager Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34355
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.91%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 20:43
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Foundation information disclosure

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_managementcollaborative_lifecycle_managementEngineering Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34710
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.68% / 89.08%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:54
Updated-29 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2019windows_10windows_11windows_server_2016Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34728
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.17% / 88.43%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:41
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Information Disclosure Vulnerability

Windows Graphics Component Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1Windows Server 2012Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2016Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 8.1Windows Server 2016 (Server Core installation)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found