Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35625

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 Dec, 2023 | 18:10
Updated At-01 Jan, 2025 | 02:18
Rejected At-
Credits

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 Dec, 2023 | 18:10
Updated At:01 Jan, 2025 | 02:18
Rejected At:
▼CVE Numbering Authority (CNA)
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Azure Machine Learning
Platforms
  • Unknown
Versions
Affected
  • From 1.0.0 before 1.5.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Dec, 2023 | 18:15
Updated At:29 May, 2024 | 02:15

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>azure_machine_learning_software_development_kit>>Versions before 1.5.0(exclusive)
cpe:2.3:a:microsoft:azure_machine_learning_software_development_kit:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-200Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

855Records found
CVE-2019-1046
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1016
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34704
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-27 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11windows_server_2016windows_server_2022windows_server_2019windows_10Windows 10 Version 1507Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows Server 2022Windows Server 2016Windows 10 Version 1809Windows 10 Version 21H1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-1012
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1048
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1015
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2012Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1013
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-14.11% / 94.10%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1047
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1010
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1009
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-19.68% / 95.21%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1011
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1049
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1050
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_rt_8.1windows_server_2019windows_8.1windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2012Windows 10 Version 1703Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0977
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.62% / 91.49%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-21845
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.88% / 74.35%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:36
Updated-08 Jul, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2023-21766
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-3.92% / 87.83%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Information Disclosure Vulnerability

Windows Overlay Filter Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-21536
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 40.84%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event Tracing for Windows Information Disclosure Vulnerability

Event Tracing for Windows Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20569
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.65% / 69.92%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:02
Updated-23 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft CorporationFedora ProjectDebian GNU/Linux
Product-ryzen_9_5900xepyc_7543epyc_9354pryzen_5_7645hxryzen_9_pro_7640hs_firmwareepyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_7745hx_firmwareryzen_5_5600hsryzen_3_5300geepyc_7453ryzen_7_5825uryzen_7_5825u_firmwareepyc_9334_firmwareepyc_9454p_firmwareepyc_9454epyc_7413_firmwareepyc_9534_firmwareepyc_9754_firmwareryzen_7_5800x3d_firmwareepyc_7643_firmwareryzen_9_7950xepyc_9274f_firmwareryzen_threadripper_pro_5945wxryzen_5_7540uepyc_7373x_firmwareepyc_75f3_firmwareepyc_7473x_firmwareryzen_7_7700xepyc_9634_firmwarewindows_11_22h2ryzen_7_7700x_firmwareryzen_7_5700gryzen_9_7845hx_firmwareryzen_9_6900hxepyc_7573x_firmwareryzen_9_7945hx_firmwareryzen_5_7640hryzen_5_5500ryzen_3_5400uepyc_7713ryzen_5_5600_firmwareryzen_9_pro_5945windows_10_1607ryzen_5_7640h_firmwareryzen_5_7540u_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_5800x3dryzen_7_7735uryzen_7_6800h_firmwareryzen_9_pro_7945ryzen_5_5600ge_firmwareepyc_9634epyc_9554p_firmwareryzen_5_5600h_firmwareryzen_7_5700ryzen_7_7745hxryzen_7_5800ryzen_7_pro_7745_firmwareryzen_5_7535uryzen_9_5950xryzen_9_7900x3d_firmwareryzen_5_5500_firmwareryzen_7_7840h_firmwareryzen_9_7845hxepyc_7443_firmwareryzen_7_6800hsepyc_7343epyc_7543_firmwarewindows_11_21h2ryzen_7_7736uepyc_9274fryzen_threadripper_pro_5945wx_firmwareepyc_9734epyc_9454pepyc_9734_firmwareepyc_7313p_firmwareryzen_5_5600uepyc_9124fedoraryzen_5_5600x3d_firmwareryzen_5_5600geryzen_7_7840u_firmwareepyc_9374f_firmwareryzen_9_6980hs_firmwareryzen_9_5900hs_firmwareepyc_72f3_firmwareepyc_9174fryzen_threadripper_pro_5975wx_firmwareryzen_7_5700_firmwareepyc_7413ryzen_9_7945hx3dryzen_5_7535hsepyc_9654_firmwareepyc_9384xryzen_9_7940h_firmwareepyc_7313ryzen_7_5700x_firmwarewindows_10_1507epyc_7663_firmwareryzen_3_7440u_firmwareryzen_3_pro_7330u_firmwareryzen_5_pro_5645_firmwareepyc_74f3_firmwareepyc_9654pryzen_3_5425uepyc_7763epyc_9454_firmwareryzen_7_5800_firmwareepyc_9374fryzen_9_5980hx_firmwareryzen_3_5100_firmwareepyc_7713p_firmwareryzen_3_7440uryzen_5_7645hx_firmwareepyc_9334ryzen_7_5800uryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_5_pro_7645ryzen_5_5600ryzen_7_5800hepyc_7543pryzen_7_pro_7730u_firmwarewindows_10_1809ryzen_9_7950x_firmwareepyc_7453_firmwareryzen_7_5700uryzen_7_pro_7840hs_firmwareryzen_7_5700ge_firmwareepyc_9554windows_server_2019ryzen_7_6800hryzen_9_7900x_firmwareryzen_5_6600h_firmwareepyc_9254_firmwareryzen_5_pro_5645ryzen_7_7800x3d_firmwareryzen_7_7840uryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareepyc_7573xepyc_9684x_firmwarewindows_10_21h2epyc_9534ryzen_3_pro_7330uryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxepyc_7373xwindows_10_22h2epyc_7513_firmwareryzen_5_6600hryzen_9_pro_7640hsepyc_9384x_firmwareryzen_9_6980hxryzen_5_5560uryzen_9_7940hepyc_75f3debian_linuxepyc_9184x_firmwareryzen_7_5700u_firmwareryzen_9_7900xepyc_7343_firmwareryzen_5_6600hsepyc_9754s_firmwareryzen_7_pro_5845ryzen_7_7840hryzen_9_5900hsryzen_5_7640uwindows_server_2022epyc_9174f_firmwareepyc_7313pwindows_server_2008epyc_9124_firmwareryzen_9_7945hx3d_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_5_7600ryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_9_6900hsryzen_threadripper_pro_5965wx_firmwareepyc_7713_firmwareepyc_9254epyc_9474f_firmwareepyc_7443p_firmwareryzen_7_5800xepyc_7773xryzen_7_7700_firmwareryzen_3_5300gryzen_5_7600x_firmwareryzen_9_5900ryzen_7_6800u_firmwareryzen_5_pro_7530uryzen_5_5600hs_firmwareryzen_7_pro_7745ryzen_threadripper_pro_5955wxryzen_9_6900hs_firmwareryzen_5_5500uryzen_3_5400u_firmwareryzen_7_6800hs_firmwareryzen_7_7800x3dryzen_5_pro_7640hsryzen_5_5600hryzen_5_7535u_firmwareryzen_3_5300u_firmwareryzen_7_6800uryzen_9_7945hxepyc_7763_firmwareryzen_3_5300uryzen_5_5600gryzen_9_pro_7945_firmwareryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_threadripper_pro_5975wxryzen_9_5900hx_firmwareepyc_9354ryzen_9_5950x_firmwareryzen_9_7900_firmwareryzen_5_7600xryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_7_5700geepyc_9554_firmwareryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_7_pro_5845_firmwareryzen_5_5600u_firmwareepyc_7663ryzen_5_5600x3depyc_7773x_firmwareryzen_5_pro_7645_firmwareryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_5_7600_firmwareepyc_7473xepyc_9754ryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_9_pro_5945_firmwareepyc_9554pepyc_9654windows_server_2016epyc_9684xwindows_server_2012ryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_7_7736u_firmwareepyc_9474fryzen_5_6600hs_firmwareepyc_9754sryzen_5_7640u_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_9654p_firmwareryzen_threadripper_pro_5965wxryzen_9_5900hxepyc_72f3epyc_7643ryzen_9_7950x3depyc_9354_firmwareryzen_7_7700ryzen_3_5100epyc_9354p_firmwareepyc_9224_firmwareepyc_7313_firmwareepyc_7443pryzen_9_7900epyc_9184xryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareepyc_9224ryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareepyc_74f3ryzen_7_5700xryzen_9_6980hsepyc_73f3Ryzen™ PRO 3000 Series Desktop Processors Ryzen™ Threadripper™ 5000 Series ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ GraphicsRyzen™ Threadripper™ 2000 Series Processors Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics4th Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsRyzen™ PRO 5000 Series Desktop ProcessorsRyzen™ 3000 Series Desktop ProcessorsRyzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAthlon™ 3000 Series Processors with Radeon™ Graphics Ryzen™ PRO 5000 Series ProcessorsRyzen™ 3000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 6000 Series ProcessorsRyzen™ 5000 Series Desktop Processors with Radeon™ Graphics3rd Gen AMD EPYC™ ProcessorsRyzen™ 7000 Series Processors 1st Gen AMD EPYC™ ProcessorsRyzen™ PRO 4000 Series Desktop ProcessorsRyzen™ Threadripper™ 3000 Series ProcessorsAthlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsRyzen™ 5000 Series Processors with Radeon™ GraphicsRyzen™ 7040 Series Processors with Radeon™ GraphicsRyzen™ 6000 Series Processors with Radeon™ GraphicsRyzen™ 7000 Series Processors with Radeon™ GraphicsRyzen™ 5000 Series Desktop Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-16937
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-7.54% / 91.43%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5 AND 4.7.2
CVE-2024-30071
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.16% / 37.62%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-126
Buffer Over-read
CVE-2020-1578
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.52%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1909Windows Server, version 1903 (Server Core installation)
CVE-2024-30069
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 21H2Windows Server 2022Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2016Windows 11 version 22H2Windows 10 Version 22H2Windows 10 Version 21H2Windows 10 Version 1809Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20691
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Themes Information Disclosure Vulnerability

Windows Themes Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2012
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-41339
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30212
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.81%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Information Disclosure Vulnerability

Windows Connected Devices Platform Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows Server version 20H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 20H2Windows 11 version 21H2Windows 10 Version 21H1
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-30187
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.30% / 53.13%
||
7 Day CHG+0.01%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Storage Library Information Disclosure Vulnerability

Azure Storage Library Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_storage_blobsazure_storage_queueAzure Storage Queues client library for PythonAzure Storage Blobs client library for .NETAzure Storage Blobs client library for JavaAzure Storage Blobs client library for PythonAzure Storage Queues client library for .NET
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-29116
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11Windows 11 version 21H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-1882
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 6.76%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 14:50
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.

Action-Not Available
Vendor-IBM CorporationApple Inc.Microsoft CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelspectrum_protect_for_virtual_environmentsspectrum_protect_backup-archive_clientwindowsmacosaixSpectrum ProtectSpectrum Protect for Space Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4386
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.41%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux- UNIX and Windows
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-4387
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.41%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux- UNIX and Windows
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-32019
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-3.18% / 86.46%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2011-1280
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-33.59% / 96.79%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_server_management_studio_expressoffice_infopathvisual_studiosql_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1713
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.63% / 94.84%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-29348
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.85%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2012 R2Windows Server 2016Windows Server 2019
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1245
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-16.62% / 94.66%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1246
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-18.54% / 95.00%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0890
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsdiscovery\&dependency_mapping_inventoryn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0031
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-34.67% / 96.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38200
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-55.72% / 98.00%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 20:45
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Spoofing Vulnerability

Microsoft Office Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38030
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-59.17% / 98.15%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Themes Spoofing Vulnerability

Windows Themes Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38041
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.11% / 95.11%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 10 Version 1809Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2019 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15967
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.78% / 85.50%
||
7 Day CHG-0.11%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Google LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10enterprise_linux_desktopflash_playerFlash Player
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0244
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0217
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.43%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7windows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0579
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-37325
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_data_science_virtual_machineAzure Data Science Virtual Machines
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3886
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-14.35% / 94.15%
||
7 Day CHG~0.00%
Published-08 Oct, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-35263
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-5.52% / 89.87%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3330
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-24.82% / 95.93%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3327
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-26.67% / 96.15%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 17
  • 18
  • Next
Details not found