Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29820

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 May, 2023 | 00:00
Updated At-24 Jan, 2025 | 15:32
Rejected At-
Credits

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 May, 2023 | 00:00
Updated At:24 Jan, 2025 | 15:32
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secureanywhere.com
N/A
http://webroot.com
N/A
https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
N/A
Hyperlink: http://secureanywhere.com
Resource: N/A
Hyperlink: http://webroot.com
Resource: N/A
Hyperlink: https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secureanywhere.com
x_transferred
http://webroot.com
x_transferred
https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
x_transferred
Hyperlink: http://secureanywhere.com
Resource:
x_transferred
Hyperlink: http://webroot.com
Resource:
x_transferred
Hyperlink: https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-552CWE-552 Files or Directories Accessible to External Parties
Type: CWE
CWE ID: CWE-552
Description: CWE-552 Files or Directories Accessible to External Parties
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 May, 2023 | 11:15
Updated At:24 Jan, 2025 | 16:15

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
webroot
webroot
>>secureanywhere>>Versions up to 9.0.33.39(inclusive)
cpe:2.3:a:webroot:secureanywhere:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-668Primarynvd@nist.gov
CWE-552Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-668
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-552
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secureanywhere.comcve@mitre.org
Product
http://webroot.comcve@mitre.org
Product
https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/cve@mitre.org
Third Party Advisory
http://secureanywhere.comaf854a3a-2127-422b-91ae-364da2661108
Product
http://webroot.comaf854a3a-2127-422b-91ae-364da2661108
Product
https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://secureanywhere.com
Source: cve@mitre.org
Resource:
Product
Hyperlink: http://webroot.com
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secureanywhere.com
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: http://webroot.com
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

69Records found
CVE-2022-40523
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure in Kernel

Information disclosure in Kernel due to indirect branch misprediction.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaresm6250p_firmwareqcs610sc8180x-ab_firmwareqca8337qca6431_firmwareqam8775pwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_x70_modem-rf_systemqca6335sm8350sdm670csra6620_firmwaresd_675_firmwarecsra6640_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwareqam8295pwcn3950qcn6024_firmwaresm4125sd_8_gen1_5g_firmwaresm6375_firmwaresm7150-acqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420snapdragon_xr2\+_gen_1_platformsc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsc8180xp-aa_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqca4004_firmwaresd662_firmwaresm7250-ab_firmwareqca6430robotics_rb3_platformwcd9306_firmwarewcd9340qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255pqca6431qca6696_firmwaresc8180xp-ab_firmwarewcd9371sc8180x-abqca6797aqwcn3910_firmwaresm4350_firmwaresd_8cxsa8150pqca4004sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwaresa8295p_firmwaresnapdragon_675_mobile_platform_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaressg2125pqca6564au9205_lte_modemsd670_firmwareqca6574snapdragon_7c\+_gen_3_computewcd9380sc8180xp-aaqcs410sm7150-aa_firmwaresxr1230psc8180xp-ad_firmwaresc8180x-ac_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qcs8250qca6426_firmwaresm4450qca9984sc8180x-adqcn9024wcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresa8295psm7150-aa9205_lte_modem_firmwaresm6350wcn6740_firmwareqca6421_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresm6350_firmwareqca6797aq_firmwarewcn785x-1_firmwaresd670qcn9024_firmwareqca6564a_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemsc8180xp-ac_firmwarewsa8832sa8540pqcs610_firmwareqsm8250sa6145par8031qcs4490qca6595_firmwaresc8280xp-bbqca6391_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675ssg2115p_firmwareqam8255par8035_firmwareqcm2290qsm8250_firmwareqcn7606wcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresm6125snapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresd730_firmwarewcd9370sd675_firmwaressg2115pqca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377sm8450sm8250-absd_8cx_firmwarewcd9385_firmwarewcd9326_firmwaresd662qam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemsa9000p_firmwaresdx55_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwaresm4350-acqrb5165nwcd9306qca6564au_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwaresm6225snapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwaresm8250_firmwarevision_intelligence_300_platform_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwareqca6421sm7250-aasm6250wsa8810_firmwaresm4375_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adwcd9326wcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwareqca8081qcm4490qca6174a_firmwareqcs4290_firmwaresnapdragon_wear_1300_platform_firmwaresxr2130_firmwarewcd9385qcs6490_firmwaresm7150-absc8180x-acqca6390wcd9375ar8035aqt1000sm6250_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsm8150wsa8815_firmwareqcm6490wsa8835_firmwaresm7350-abqca6564awcn785x-1qcm2290_firmwarewcn3990sd_675sd865_5gqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresc7180-ad_firmwaresa8540p_firmwaresd_8_gen1_5gsm6250psc8180xp-acsxr2130ssg2125p_firmwareqca6574asmart_audio_400_platformwcn685x-5_firmwaresc8180x-afqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresa9000pqca6574_firmwaresm7250-absd855sm4125_firmwaresm7325p_firmwaresxr2230psdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwaresc8280xp-ab_firmwareaqt1000_firmwareqcm4490_firmwareqcm4290qcm6490_firmwarewsa8832_firmwarewcn685x-5qcn9011sm6225_firmwaresc8180xp-af_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresc8180x-aa_firmwaresm7250-acsm8150-ac_firmwaresnapdragon_ar2_gen_1_platformsc8180x-aasm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformsc8180x-af_firmwarewcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsc8180xp-abqcn6024sc8180x-ad_firmwaresm7250pqcs410_firmwaresnapdragon_wear_1300_platformsm7325_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-40525
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Linux Networking Firmware

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6005qca8072qcn9070qcn9274qcn9000qcn5052qcn9070_firmwareqca8084ipq6028_firmwareipq6010ipq9008qcn9074qca4024_firmwareqca8082qca8085ipq9574qca8386qcn5122qcn9024_firmwareqcn9072csr8811_firmwareqcn5121_firmwareipq6000qca8081qca8075_firmwareipq6005_firmwareipq6018qcn5022qcn5152_firmwareqcn6023qca8085_firmwareipq6010_firmwareqca8072_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareipq9008_firmwareqcn6024_firmwareipq6018_firmwareqca4024csr8811qca8386_firmwareqca8084_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qcn9072_firmwareqca8082_firmwareipq6000_firmwareipq6028qcn5021qcn5121qcn5122_firmwareqcn5152ipq9574_firmwareqca8081_firmwareqcn5022_firmwareqcn6023_firmwareqcn9024qcn9074_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-39349
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tasks.org vulnerable to data exfiltration by malicous app or adb

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds.

Action-Not Available
Vendor-taskstasks
Product-taskstasks
CWE ID-CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-42744
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.94%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 18:36
Updated-02 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips MRI 1.5T and 3T Information Exposure

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Action-Not Available
Vendor-Philips
Product-mri_1.5tmri_3tmri_3t_firmwaremri_1.5t_firmwareMRI 3TMRI 1.5T
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-30921
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:50
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-28168
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-6.2||MEDIUM
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Action-Not Available
Vendor-Oracle CorporationEclipse Foundation AISBL
Product-communications_cloud_native_core_policyjerseycommunications_cloud_native_core_unified_data_repositoryEclipse Jersey
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-25357
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.02% / 5.08%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:34
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-26343
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7313pepyc_7543epyc_7573xepyc_7663_firmwareepyc_7543p_firmwareepyc_7313_firmwareepyc_7313epyc_7413_firmwareepyc_7543pepyc_7643epyc_74f3epyc_7543_firmwareepyc_7443epyc_75f3epyc_7453epyc_7513epyc_7763_firmwareepyc_7343epyc_7773x_firmwareepyc_73f3_firmwareepyc_7713p_firmwareepyc_7713pepyc_7373xepyc_7443pepyc_7453_firmwareepyc_7773xepyc_7513_firmwareepyc_7713_firmwareepyc_72f3_firmwareepyc_7743epyc_7573x_firmwareepyc_7443p_firmwareepyc_73f3epyc_7763epyc_7313p_firmwareepyc_7743_firmwareepyc_7373x_firmwareepyc_7643_firmwareepyc_72f3epyc_74f3_firmwareepyc_75f3_firmwareepyc_7003_firmwareepyc_7713epyc_7343_firmwareepyc_7003epyc_7443_firmwareepyc_7413epyc_76633rd Gen EPYC
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-26327
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 31.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:18
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7313epyc_7443_firmwareepyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_7443epyc_74f3_firmwareepyc_7513epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7513_firmwareepyc_7543p_firmwareepyc_7003epyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYCâ„¢
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-26312
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.23%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:55
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlonâ„¢ SeriesRyzenâ„¢ SeriesEPYCâ„¢ Processors
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-25352
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:11
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-bixby_voiceBixby Voice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-25652
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.53%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 08:55
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

Action-Not Available
Vendor-Avaya LLC
Product-aura_appliance_virtualization_platformAvaya Aura Appliance Virtualization Platform Utilities
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-22572
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 15:05
Updated-21 Apr, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data-transfer-project information disclosure via tmp directory

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969

Action-Not Available
Vendor-Google LLC
Product-data_transfer_projectData-Transfer-Project
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-21290
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 20:10
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.

Action-Not Available
Vendor-quarkusThe Netty ProjectNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-banking_trade_finance_process_managementdebian_linuxquarkuscommunications_messaging_servernettynosql_databasecommunications_design_studioactive_iq_unified_managerbanking_corporate_lending_process_managementcloud_secure_agentbanking_credit_facilities_process_managementcommunications_brm_-_elastic_charging_enginesnapcenternetty
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-12488
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 15:49
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access Control Vulnerability in Jovi Smart Scene

The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.

Action-Not Available
Vendor-vivovivo
Product-jovi_smart_sceneJovi Smart Scene
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-8702
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xtvosmacOSiOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-43449
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-02 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via download_server.

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-38087
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 14.68%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_platinum_8153xeon_d-2796texeon_w-10885m_firmwarexeon_w-1350_firmwarecore_i3-9100_firmwarexeon_w-3245mxeon_bronze_3104_firmwarexeon_gold_6146xeon_e-2378gcore_i7-1068ng7xeon_gold_6126f_firmwarexeon_d-2738core_i5-1035g7core_i3-10105f_firmwarexeon_platinum_8168_firmwarecore_i3-8350k_firmwarexeon_silver_4108_firmwarecore_i3-9350k_firmwarexeon_e-2124g_firmwarexeon_d-1527core_i7-9700kfxeon_gold_5115xeon_d-2766ntcore_i5-8305g_firmwarecore_i5-7500_firmwarexeon_e-2314xeon_gold_6136xeon_gold_6138f_firmwarexeon_e-2254me_firmwarecore_i7-10870h_firmwarecore_i5-8400hxeon_w-2125xeon_platinum_8170xeon_e-2276me_firmwarecore_i5-7y54xeon_gold_6138xeon_d-2163it_firmwarecore_i7-1060g7_firmwarexeon_platinum_8164core_i7-9700xeon_d-1521_firmwarecore_i5-10200hxeon_e-2226gcore_i9-9900kfxeon_w-1250p_firmwarexeon_silver_4116t_firmwarecore_i3-10100f_firmwarexeon_d-2766nt_firmwarexeon_d-2775te_firmwarexeon_d-1557_firmwarecore_i5-1035g4xeon_w-2255core_i5-10400hcore_i3-8145ucore_i7-10700k_firmwarexeon_d-1518xeon_w-11555mlexeon_e-2276m_firmwarecore_i5-9600_firmwarecore_i5-9600t_firmwarexeon_d-1714core_i3-10100ycore_i3-7020uxeon_d-2799_firmwarecore_i7-9700tecore_i5-10400tcore_i3-8109uxeon_platinum_8168core_i5-10310ucore_i7-7600ucore_i5-9400f_firmwarexeon_e-2224xeon_d-1734nt_firmwarexeon_e-2186m_firmwarecore_i5-7y57_firmwarecore_i7-10700t_firmwarecore_i7-9700f_firmwarecore_i5-9500e_firmwarecore_i3-7100e_firmwarecore_i3-7100ecore_i3-7300xeon_d-1567_firmwarexeon_e-2378xeon_d-1567core_i5-8269u_firmwarexeon_e-2278gexeon_gold_6138t_firmwarexeon_e-2134_firmwarexeon_silver_4116_firmwarexeon_d-2173it_firmwarecore_i5-10600_firmwarexeon_w-2245core_i3-9100hlxeon_gold_5122xeon_platinum_8180_firmwarexeon_d-1746terxeon_w-3335_firmwarexeon_gold_6126_firmwarecore_i5-10400core_i7-7600u_firmwarecore_i5-8400bcore_i3-9300t_firmwarecore_i7-10610u_firmwarecore_i7-10710u_firmwarecore_i5-10500tecore_i7-7820hkxeon_w-1250e_firmwarexeon_w-1250te_firmwarecore_i5-9500_firmwarexeon_w-3335xeon_w-1290tcore_i5-8400h_firmwarexeon_w-11155mre_firmwarecore_i3-9100texeon_gold_6150_firmwarecore_i7-9700fcore_i9-10980hkxeon_platinum_8156xeon_w-3345_firmwarecore_i5-8600xeon_e-2136core_i7-10510ucore_i7-9700kcore_i5-10400t_firmwarecore_i5-9400_firmwarexeon_bronze_3106_firmwarecore_i7-8500y_firmwarexeon_gold_6138_firmwarexeon_d-2177nt_firmwarexeon_d-1533n_firmwarecore_i3-10100ecore_i3-8100core_i7-1060g7xeon_w-2265core_i9-10900xeon_w-10855mxeon_w-2245_firmwarexeon_w-1390p_firmwarexeon_w-10855m_firmwarexeon_e-2374g_firmwarexeon_gold_6126fcore_i3-7300_firmwarexeon_d-1712trxeon_d-1539core_i3-10100txeon_w-3375_firmwarexeon_silver_4109t_firmwarexeon_w-1390t_firmwarexeon_d-1713ntexeon_w-11555mrecore_i5-7287u_firmwarecore_i7-7700xeon_d-2752ter_firmwarexeon_silver_4114_firmwarexeon_d-2733nt_firmwarexeon_e-2386gcore_i9-10900kcore_i3-10325_firmwarecore_i7-7820hq_firmwarecore_i3-7102ecore_i7-7920hq_firmwarexeon_d-2146ntcore_i5-8600kxeon_platinum_8160fxeon_d-1577_firmwarecore_i7-10700te_firmwarexeon_e-2124_firmwarecore_i9-10900fcore_i7-8700k_firmwarexeon_platinum_p-8136xeon_w-2223_firmwarecore_i7-8700_firmwarecore_i7-8750hcore_i3-10105t_firmwarecore_i5-8365uxeon_e-2226ge_firmwarexeon_d-2187ntcore_i5-9600kfcore_i5-8500b_firmwarexeon_d-1732tecore_i3-10100tecore_i3-7100u_firmwarecore_i5-10400_firmwarecore_i5-7600xeon_w-3265_firmwarexeon_platinum_8158_firmwarecore_i7-10700fxeon_gold_5120_firmwarexeon_d-2776nt_firmwarexeon_e-2286mcore_i5-1030g4_firmwarecore_i7-9850he_firmwarecore_i7-8557u_firmwarexeon_w-1270te_firmwarexeon_d-1732te_firmwarexeon_d-2166ntcore_i7-1068ng7_firmwarecore_i7-10750hxeon_silver_4114t_firmwarexeon_w-2195core_i7-7820eq_firmwarexeon_gold_6134_firmwarexeon_e-2276gxeon_w-1290p_firmwarecore_i3-8300xeon_w-1390core_i3-1000g4xeon_e-2186gxeon_w-3235_firmwarecore_i5-7267u_firmwarecore_i5-7400txeon_gold_6130t_firmwarexeon_silver_4116txeon_d-2183itxeon_w-3365_firmwarexeon_e-2174gxeon_d-1622core_i3-7100core_i7-8809gcore_i3-8145uecore_i5-10400h_firmwarecore_i5-7260ucore_i7-8700bxeon_w-2145_firmwarexeon_d-2145ntcore_i5-10500_firmwarecore_i7-7500u_firmwarexeon_gold_6126t_firmwarecore_i5-7267uxeon_w-1250pxeon_e-2334_firmwarecore_i5-10210ycore_i7-7820hk_firmwarecore_i5-10500ecore_i9-9900kf_firmwarecore_i5-9400txeon_w-2123xeon_w-3275mcore_i5-10210u_firmwarecore_i5-9500fcore_i5-8300hcore_i5-8600t_firmwarexeon_gold_5119t_firmwarecore_i5-10600txeon_d-1736xeon_e-2356gcore_i7-9850hecore_i3-10110yxeon_d-1513n_firmwarecore_i5-10600kfcore_i3-7300t_firmwarexeon_gold_6142_firmwarecore_i7-10700exeon_silver_4108xeon_gold_6130tcore_i5-10500h_firmwarecore_i9-9900kscore_i5-9600core_i7-10870hxeon_w-11555mre_firmwarecore_i5-7300u_firmwarecore_i5-8600_firmwarecore_i3-9100fcore_i5-9600kf_firmwarexeon_bronze_3106xeon_e-2224_firmwarecore_i7-9750hfcore_i5-9300h_firmwarexeon_e-2274gcore_i7-10700kxeon_d-2786nte_firmwarecore_i5-9500core_i3-9320_firmwarexeon_e-2278gelcore_i3-8145ue_firmwarexeon_d-1540core_i5-10500te_firmwarecore_i5-8400b_firmwarexeon_platinum_8160tcore_i3-8100_firmwarexeon_d-1528xeon_d-1715ter_firmwarexeon_e-2124core_i9-9880hcore_i7-10710ucore_i5-7287ucore_i7-10700kfcore_i5-8500t_firmwarexeon_w-1350p_firmwarexeon_d-2141ixeon_d-1541core_i3-7100h_firmwarexeon_w-1250tecore_i5-8300h_firmwarexeon_d-1633n_firmwarexeon_e-2136_firmwarexeon_e-2276g_firmwarexeon_e-2276mecore_i7-8565uxeon_d-1747nte_firmwarecore_m3-7y32_firmwarecore_i5-7300hq_firmwarexeon_e-2274g_firmwarecore_i3-10300_firmwarecore_i5-7300hqcore_i7-7560ucore_i7-8706g_firmwarexeon_w-2133_firmwarecore_i5-7400t_firmwarexeon_d-1548core_i3-8100t_firmwarecore_i5-8259uxeon_d-1649nxeon_d-1529xeon_w-11955m_firmwarecore_i9-9900core_i7-10510y_firmwarexeon_w-1250_firmwarecore_i3-10100e_firmwarecore_i7-9850hl_firmwarexeon_platinum_8160xeon_gold_5115_firmwarexeon_w-3265m_firmwarexeon_platinum_8156_firmwarexeon_w-11555mle_firmwarexeon_w-11865mle_firmwarexeon_e-2146g_firmwarecore_i7-8850h_firmwarexeon_gold_5118_firmwarecore_i5-1038ng7_firmwarecore_i3-8140uxeon_d-2738_firmwarexeon_e-2336xeon_e-2388gcore_i7-9700kf_firmwarexeon_w-2225_firmwarecore_i3-10105core_i7-9850h_firmwarexeon_gold_6146_firmwarexeon_d-1713ntcore_i3-10100te_firmwarexeon_gold_6148fxeon_gold_6132xeon_d-2752terxeon_d-2799core_i3-7100_firmwarecore_i5-7600txeon_d-2795ntcore_i9-10900k_firmwarexeon_w-1270_firmwarexeon_w-2155xeon_e-2278g_firmwarecore_i7-7500ucore_i7-8550uxeon_e-2276ml_firmwarexeon_d-1736ntxeon_e-2224gxeon_w-2135core_i3-9100txeon_platinum_8160_firmwarexeon_d-2798nt_firmwarexeon_d-1623nxeon_w-2145core_i5-8310y_firmwarexeon_e-2226gecore_i3-10300t_firmwarexeon_gold_6142core_i5-9300hxeon_w-3323_firmwarexeon_gold_6148_firmwarecore_i9-10900_firmwarecore_i3-7167u_firmwarecore_i7-8559u_firmwarexeon_d-1722necore_i7-8086k_firmwarexeon_d-1718t_firmwarecore_i7-10610ucore_i5-10505_firmwarecore_i5-1035g1_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarecore_i3-7167uxeon_d-1622_firmwarecore_i5-9400hcore_i7-8500ycore_i7-7567ucore_i9-9900txeon_w-2295_firmwarecore_i3-8145u_firmwarexeon_d-2796nt_firmwarexeon_w-1390pxeon_d-1749nt_firmwarecore_i7-9700e_firmwarexeon_d-2161ixeon_platinum_8164_firmwarecore_i5-10300h_firmwarexeon_d-2141i_firmwarecore_i7-7660u_firmwarecore_i7-7820hqcore_i5-8210ycore_i7-8750h_firmwarecore_i5-10200h_firmwarecore_i3-7300tcore_i5-7400_firmwarecore_i3-8109u_firmwarecore_i3-8300t_firmwarecore_i7-9700k_firmwarexeon_e-2288g_firmwarecore_i3-9100f_firmwarecore_i5-7y54_firmwarexeon_e-2246g_firmwarexeon_e-2176m_firmwarexeon_e-2174g_firmwarecore_i3-10300tcore_i3-7101ecore_i3-8100b_firmwarexeon_d-1513nxeon_d-1537xeon_d-2187nt_firmwarexeon_w-1290tecore_i9-8950hk_firmwarecore_i5-8500xeon_d-1539_firmwarexeon_w-3223core_i5-9500te_firmwarecore_i5-7600_firmwarexeon_gold_6130_firmwarexeon_w-3275m_firmwarexeon_silver_4112xeon_d-1559xeon_w-3323xeon_gold_5120txeon_w-3175xxeon_w-2235_firmwarexeon_gold_6134core_i5-8265ucore_i7-10700kf_firmwarexeon_e-2254mexeon_w-3235xeon_platinum_8160f_firmwarecore_i7-9750hxeon_e-2336_firmwarecore_i7-7y75xeon_w-2225core_i7-7560u_firmwarexeon_e-2286g_firmwarexeon_w-2133xeon_d-2183it_firmwarecore_i5-7y57xeon_d-2753ntcore_i3-10305tcore_i7-10700_firmwarecore_i3-8350kxeon_gold_6148xeon_d-1557core_i5-7500txeon_gold_6144xeon_d-1736nt_firmwarecore_i5-9600k_firmwarecore_i9-9900t_firmwarecore_i3-9100xeon_d-1726xeon_e-2224g_firmwarexeon_d-1553n_firmwarexeon_gold_6128_firmwarexeon_w-2223xeon_platinum_8170_firmwarexeon_e-2276mcore_i7-7700kcore_i7-8705gcore_i5-9500ecore_i7-8665ucore_i3-8300tcore_i7-7660uxeon_d-1627_firmwarecore_i7-8706gxeon_gold_6126txeon_gold_6140_firmwarexeon_w-3225xeon_e-2236core_i9-9880h_firmwarexeon_w-1370core_i7-10850hxeon_e-2236_firmwarecore_i7-8700t_firmwarexeon_e-2126g_firmwarecore_i7-8700core_i5-10400fcore_i5-8259u_firmwarecore_i7-8665ue_firmwarexeon_w-2155_firmwarecore_i3-7130u_firmwarexeon_w-1290te_firmwarecore_i5-8400core_i7-8705g_firmwarexeon_d-1746ter_firmwarecore_i9-10900te_firmwarecore_i3-10300core_i7-7700tcore_i7-10700tcore_i3-7100txeon_w-3225_firmwarecore_i7-8086kcore_i5-10210ucore_i5-7260u_firmwarexeon_w-2295xeon_d-2776ntxeon_d-1527_firmwarexeon_d-2798ntcore_i5-7600k_firmwarexeon_d-1733ntcore_i5-8257ucore_i5-8365ue_firmwarecore_i7-8700kxeon_w-3245m_firmwarecore_i5-7200u_firmwarecore_i5-8600k_firmwarecore_i7-10510u_firmwarecore_i5-7442eqxeon_e-2134xeon_platinum_p-8136_firmwarexeon_e-2226g_firmwarexeon_d-2143itxeon_d-2163itcore_i3-10100_firmwarecore_i5-10505xeon_d-2161i_firmwarexeon_d-2779_firmwarecore_i5-1030g7xeon_w-1390txeon_w-1270core_i5-7442eq_firmwarecore_i5-10310y_firmwarecore_i7-8569u_firmwarecore_i7\+8700_firmwarexeon_e-2144g_firmwarexeon_silver_4109tcore_i3-1000g1core_i7-10510yxeon_gold_5122_firmwarecore_i5-7360u_firmwarecore_i5-10600kf_firmwarecore_i3-10110ucore_i5-8210y_firmwarexeon_w-2275_firmwarexeon_gold_6138fcore_i3-9100e_firmwarexeon_gold_6132_firmwarexeon_gold_6136_firmwarecore_i5-9600kcore_i3-10305t_firmwarecore_i5-10310u_firmwarexeon_d-1531_firmwarecore_i7-7700hqxeon_w-1270texeon_silver_4114xeon_d-2123it_firmwarecore_i9-10900f_firmwarecore_i3-9100hl_firmwarecore_i3-10105fcore_i3-8100hcore_i3-9100t_firmwarexeon_d-1715terxeon_e-2386g_firmwarexeon_bronze_3104core_i5-10300hxeon_d-1571xeon_d-1736_firmwarecore_i5-8350uxeon_w-11865mlecore_i3-1005g1_firmwarecore_i5-7300uxeon_w-3223_firmwarexeon_d-2173itxeon_w-11855mxeon_d-2123itxeon_e-2246gcore_i5-8500tcore_i3-10100y_firmwarexeon_w-3265mcore_i5-7500xeon_d-1627xeon_d-2796ntxeon_w-2255_firmwarexeon_gold_6144_firmwarexeon_d-2779xeon_d-1602core_i5-7200ucore_i5-8350u_firmwarexeon_d-2796te_firmwarecore_i7-8700b_firmwarexeon_platinum_p-8124core_i9-8950hkxeon_gold_6150core_i9-10900ecore_i9-10850kxeon_gold_6140xeon_d-1649n_firmwarecore_i7-7920hqcore_i5-9300hf_firmwarexeon_e-2314_firmwarexeon_e-2254mlcore_i9-9900ks_firmwarecore_i3-9300_firmwarecore_i5-8400txeon_w-2123_firmwarexeon_gold_6148f_firmwarexeon_d-2145nt_firmwarexeon_w-1270pcore_i7-10700xeon_d-1726_firmwarecore_i3-9100te_firmwarexeon_e-2254ml_firmwarexeon_w-1290_firmwarexeon_d-2712txeon_d-1537_firmwarecore_i7-10750h_firmwarexeon_e-2334core_i3-7350k_firmwarexeon_gold_6126xeon_d-1541_firmwarexeon_w-1290e_firmwarecore_i3-10105tcore_i9-10885hxeon_w-1250exeon_d-2166nt_firmwarexeon_d-2712t_firmwarecore_i3-10325xeon_d-1623n_firmwarexeon_w-3375xeon_platinum_p-8124_firmwarecore_i3-7100hcore_i3-7101te_firmwarexeon_d-1548_firmwarexeon_d-1713nte_firmwarecore_i3-9300xeon_w-3365xeon_e-2276mlcore_i7-10875hxeon_gold_6130f_firmwarexeon_e-2244gcore_i9-9900kcore_i3-9350kf_firmwarexeon_d-1559_firmwarexeon_e-2176gxeon_d-2142itxeon_e-2324gxeon_gold_6142fcore_i7-8709gcore_i3-10100core_i7-7y75_firmwarecore_i5-8200y_firmwarecore_i7-8550u_firmwarecore_i5-1035g7_firmwarexeon_platinum_8153_firmwarexeon_gold_6130core_i7-10700f_firmwarexeon_d-1529_firmwarexeon_d-1540_firmwarexeon_d-1637_firmwarecore_i5-9400core_m3-8100y_firmwarecore_i3-8100txeon_d-1733nt_firmwarexeon_d-2733ntxeon_platinum_8160t_firmwarecore_i7-8557uxeon_d-2142it_firmwarexeon_e-2278ge_firmwarecore_i5-9500tcore_i5-7500t_firmwarecore_i3-10305_firmwarecore_i7-8700tcore_i5-8260u_firmwarexeon_d-2143it_firmwarecore_m3-7y32xeon_d-1735trcore_i5-7400xeon_d-2795nt_firmwarexeon_silver_4110core_i7-8650uxeon_d-2752ntexeon_d-1523n_firmwarecore_i3-7102e_firmwarexeon_d-2753nt_firmwarecore_m3-7y30_firmwarecore_i9-10900e_firmwarexeon_gold_5119txeon_e-2286m_firmwarecore_i3-7320xeon_e-2378g_firmwarecore_i7-9750h_firmwarexeon_w-1390_firmwarexeon_w-11865mrexeon_e-2234_firmwarecore_i5-1035g1core_i5-1038ng7xeon_w-3265core_i7-8565u_firmwarexeon_w-3245xeon_gold_6138tcore_i7-10700e_firmwarexeon_d-1718txeon_e-2186g_firmwarecore_i5-1035g4_firmwarecore_i3-10110y_firmwarexeon_gold_5120xeon_e-2124gcore_i5-7600t_firmwarecore_i5-8500bxeon_d-1523ncore_i5-8269ucore_i5-7440hq_firmwarecore_i5-1030g4xeon_d-2786ntecore_i7-10700texeon_e-2288gcore_i3-9100exeon_gold_6154_firmwarexeon_d-1653nxeon_e-2234core_i5-10500core_i7-8709g_firmwarexeon_d-1637xeon_d-1577xeon_e-2356g_firmwarexeon_silver_4114tcore_i7-9850hcore_i5-9400fcore_i7-9700t_firmwarexeon_platinum_8176_firmwarexeon_gold_6154core_i5-10500e_firmwarecore_i5-7440eqxeon_d-1543n_firmwarexeon_w-1250xeon_w-1270p_firmwarexeon_w-2195_firmwarecore_i5-8279ucore_i5-8279u_firmwarecore_i3-8130u_firmwarecore_i5-9500f_firmwarexeon_d-1722ne_firmwarecore_i5-10600t_firmwarecore_i5-9300hfcore_i3-7100uxeon_w-1290exeon_gold_5120t_firmwarecore_i5-10210y_firmwarexeon_d-1747ntexeon_d-1653n_firmwarecore_i3-7101tecore_i3-7350kxeon_d-1734ntxeon_w-2265_firmwarexeon_w-3275xeon_d-1735tr_firmwarecore_i5-7600kxeon_d-1553ncore_i5-8250ucore_i3-10305core_i3-8140u_firmwarecore_i3-1000g4_firmwarexeon_e-2126gxeon_d-1571_firmwarecore_i7-9700txeon_w-1270exeon_silver_4116xeon_d-1633ncore_i3-7100t_firmwarexeon_w-1370p_firmwarecore_i7-7820eqcore_i7-9850hlcore_i5-7360uxeon_w-1290t_firmwarecore_i7-8650u_firmwarexeon_w-3245_firmwarecore_i5-10600kxeon_d-1518_firmwarecore_i3-9350kfxeon_e-2388g_firmwarexeon_w-1370pcore_i9-9900k_firmwarecore_i7-7700k_firmwarecore_m3-8100yxeon_w-2135_firmwarecore_i9-10900kfcore_i5-8250u_firmwarexeon_w-11155mrexeon_e-2186mcore_i7-9700ecore_i7-7567u_firmwarecore_i3-7320_firmwarecore_i5-8400_firmwarexeon_gold_6152_firmwarexeon_platinum_8176f_firmwarexeon_d-1520xeon_e-2176mcore_i7-7700hq_firmwarexeon_d-2146nt_firmwarexeon_gold_6152xeon_platinum_8158core_i5-7440eq_firmwarecore_i3-1000g1_firmwarecore_i5-10600k_firmwarecore_i7-9750hf_firmwarecore_i5-10310ycore_i5-8400t_firmwarexeon_w-1290pxeon_d-1739_firmwarexeon_e-2286gxeon_w-2125_firmwarexeon_d-1713nt_firmwarexeon_w-11155mlexeon_d-1520_firmwarecore_i5-8365u_firmwarecore_i5-10500hxeon_w-2175_firmwarexeon_platinum_8176core_i5-8260uxeon_silver_4112_firmwarecore_i9-10900t_firmwarecore_i7-10810u_firmwarecore_i3-10100t_firmwarexeon_d-1531core_i3-9300txeon_e-2244g_firmwarecore_i7-10810ucore_i5-10400f_firmwarexeon_e-2278gcore_i3-8100h_firmwarecore_i3-10105_firmwarexeon_w-1370_firmwarexeon_d-1533nxeon_w-1270e_firmwarexeon_w-2235core_i7-10875h_firmwarexeon_w-3175x_firmwarexeon_e-2378_firmwarecore_i7-8850hcore_i5-10500t_firmwarecore_i3-7130uxeon_gold_5118core_i5-8265u_firmwarexeon_gold_6128xeon_w-11955mxeon_gold_6130fxeon_e-2374gcore_i3-10100fcore_i3-8300_firmwarecore_i9-9900_firmwarecore_i7-1065g7_firmwarecore_i5-10600xeon_gold_6142f_firmwarexeon_d-1702_firmwarecore_i7\+8700core_i5-8257u_firmwarecore_i9-10900kf_firmwarecore_m3-7y30core_i3-9350kxeon_w-1350core_i5-8500_firmwarexeon_w-11155mle_firmwarexeon_gold_6138pcore_i9-10850k_firmwarecore_i5-8365uecore_i7-8665uexeon_w-1290xeon_gold_6138p_firmwarecore_i7-8809g_firmwarexeon_platinum_8176fxeon_w-3345core_i9-10885h_firmwarecore_i7-7700t_firmwarecore_i9-9980hk_firmwarexeon_w-10885mxeon_w-3275_firmwarecore_i5-1030g7_firmwarecore_i5-9400h_firmwarecore_i3-10320xeon_d-1748tecore_i9-10900tcore_i5-8200yxeon_w-11855m_firmwarecore_i5-8310yxeon_w-2275xeon_d-2752nte_firmwarexeon_d-1739core_i3-10110u_firmwarexeon_d-1543nxeon_d-1528_firmwarexeon_e-2324g_firmwarexeon_e-2278gel_firmwarecore_i5-9500texeon_e-2144gcore_i5-7440hqxeon_d-1702xeon_d-1521xeon_w-1350pcore_i5-9500t_firmwarecore_i7-8569ucore_i7-9700te_firmwarecore_i7-7700_firmwarexeon_d-1748te_firmwarexeon_d-1749ntcore_i5-10500txeon_d-1712tr_firmwarecore_i3-10320_firmwarecore_i3-1005g1xeon_w-11865mre_firmwarecore_i3-8100bcore_i5-9600tcore_i3-7020u_firmwarecore_i3-7101e_firmwarecore_i3-9320xeon_d-2775texeon_silver_4110_firmwarecore_i7-10850h_firmwarecore_i7-1065g7core_i5-9400t_firmwarecore_i9-9980hkcore_i5-8305gcore_i7-8559ucore_i5-8600txeon_d-1714_firmwarexeon_d-1602_firmwarecore_i9-10900texeon_e-2146gcore_i9-10980hk_firmwarecore_i7-9700_firmwarecore_i3-8130uxeon_platinum_8180xeon_d-2177ntxeon_w-2175Intel(R) Processors
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-30103
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 18:18
Updated-06 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-552
Files or Directories Accessible to External Parties
  • Previous
  • 1
  • 2
  • Next
Details not found