Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-44216

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Sep, 2023 | 00:00
Updated At-24 Sep, 2024 | 18:11
Rejected At-
Credits

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Sep, 2023 | 00:00
Updated At:24 Sep, 2024 | 18:11
Rejected At:
▼CVE Numbering Authority (CNA)

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hertzbleed.com/gpu.zip/
N/A
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
N/A
https://github.com/UT-Security/gpu-zip
N/A
https://www.w3.org/TR/filter-effects-1/
N/A
https://blog.imaginationtech.com/reducing-bandwidth-pvric/
N/A
https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
N/A
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
N/A
https://news.ycombinator.com/item?id=37663159
N/A
https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
N/A
Hyperlink: https://www.hertzbleed.com/gpu.zip/
Resource: N/A
Hyperlink: https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Resource: N/A
Hyperlink: https://github.com/UT-Security/gpu-zip
Resource: N/A
Hyperlink: https://www.w3.org/TR/filter-effects-1/
Resource: N/A
Hyperlink: https://blog.imaginationtech.com/reducing-bandwidth-pvric/
Resource: N/A
Hyperlink: https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
Resource: N/A
Hyperlink: https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
Resource: N/A
Hyperlink: https://news.ycombinator.com/item?id=37663159
Resource: N/A
Hyperlink: https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hertzbleed.com/gpu.zip/
x_transferred
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
x_transferred
https://github.com/UT-Security/gpu-zip
x_transferred
https://www.w3.org/TR/filter-effects-1/
x_transferred
https://blog.imaginationtech.com/reducing-bandwidth-pvric/
x_transferred
https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
x_transferred
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
x_transferred
https://news.ycombinator.com/item?id=37663159
x_transferred
https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
x_transferred
Hyperlink: https://www.hertzbleed.com/gpu.zip/
Resource:
x_transferred
Hyperlink: https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Resource:
x_transferred
Hyperlink: https://github.com/UT-Security/gpu-zip
Resource:
x_transferred
Hyperlink: https://www.w3.org/TR/filter-effects-1/
Resource:
x_transferred
Hyperlink: https://blog.imaginationtech.com/reducing-bandwidth-pvric/
Resource:
x_transferred
Hyperlink: https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
Resource:
x_transferred
Hyperlink: https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
Resource:
x_transferred
Hyperlink: https://news.ycombinator.com/item?id=37663159
Resource:
x_transferred
Hyperlink: https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Imagination Technologies Limitedimaginationtech
Product
powervr-gpu
CPEs
  • cpe:2.3:h:imaginationtech:powervr-gpu:2018:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2018 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Sep, 2023 | 15:19
Updated At:05 Oct, 2023 | 14:36

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_linux>>22.04
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_4800u>>-
cpe:2.3:h:amd:ryzen_7_4800u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i7-10510u>>-
cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i7-12700k>>-
cpe:2.3:h:intel:core_i7-12700k:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i7-8700>>-
cpe:2.3:h:intel:core_i7-8700:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:professional:*:*:*
Intel Corporation
intel
>>core_i7-10610u>>-
cpe:2.3:h:intel:core_i7-10610u:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:home:*:*:*
Intel Corporation
intel
>>core_i7-11800h>>-
cpe:2.3:h:intel:core_i7-11800h:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>geforce_rtx_3060>>-
cpe:2.3:h:nvidia:geforce_rtx_3060:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:pro:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7600x>>-
cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>geforce_rtx_2080_super>>-
cpe:2.3:h:nvidia:geforce_rtx_2080_super:-:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>13.1
cpe:2.3:o:apple:macos:13.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>m1_mac_mini>>-
cpe:2.3:h:apple:m1_mac_mini:-:*:*:*:*:*:*:*
Google LLC
google
>>android>>13.0
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
Google LLC
google
>>pixel_6>>-
cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Primarynvd@nist.gov
CWE ID: CWE-203
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/cve@mitre.org
Press/Media Coverage
Third Party Advisory
https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/cve@mitre.org
Press/Media Coverage
https://blog.imaginationtech.com/reducing-bandwidth-pvric/cve@mitre.org
Press/Media Coverage
https://github.com/UT-Security/gpu-zipcve@mitre.org
Third Party Advisory
https://news.ycombinator.com/item?id=37663159cve@mitre.org
Issue Tracking
https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/cve@mitre.org
Press/Media Coverage
https://www.hertzbleed.com/gpu.zip/cve@mitre.org
Technical Description
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdfcve@mitre.org
Exploit
https://www.w3.org/TR/filter-effects-1/cve@mitre.org
Exploit
Hyperlink: https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Hyperlink: https://blog.imaginationtech.com/reducing-bandwidth-pvric/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Hyperlink: https://github.com/UT-Security/gpu-zip
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://news.ycombinator.com/item?id=37663159
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Hyperlink: https://www.hertzbleed.com/gpu.zip/
Source: cve@mitre.org
Resource:
Technical Description
Hyperlink: https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.w3.org/TR/filter-effects-1/
Source: cve@mitre.org
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

189Records found
CVE-2022-20559
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20318
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.58%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:25
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694069

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20309
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.58%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:23
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20276
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:15
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205706731

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20279
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:16
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20249
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.58%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:09
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226900861

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-1139
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.79%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:38
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-46778
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.08% / 24.02%
||
7 Day CHG-0.02%
Published-09 Aug, 2022 | 20:20
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543ryzen_5_3580uepyc_7402ryzen_3_3450uathlon_3150g_firmwareepyc_7f32epyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareryzen_7_4700geryzen_5_2500uryzen_3_3750hryzen_9_5980hxepyc_7453ryzen_3_5300geryzen_3_2300uryzen_5_5600hsryzen_7_5825uryzen_7_5825u_firmwareepyc_7542ryzen_7_4700gryzen_5_3400gepyc_7281_firmwareepyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_2950xryzen_5_4500u_firmwareryzen_threadripper_pro_3975wxepyc_7002epyc_7643_firmwareepyc_7f52ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareryzen_3_4300g_firmwareepyc_7f32_firmwareepyc_7001_firmwareepyc_75f3_firmwareryzen_7_3750hepyc_7473x_firmwareryzen_3_2200u_firmwareepyc_7281ryzen_3_2200uryzen_9_4900hsepyc_7551p_firmwareryzen_7_5700gryzen_threadripper_2920xepyc_7601_firmwareryzen_7_5825c_firmwareepyc_7573x_firmwareryzen_5_2600ryzen_7_2700x_firmwareryzen_5_2600hryzen_5_3500uepyc_7401ryzen_3_3750h_firmwareryzen_3_5400uryzen_3_3580uepyc_7713ryzen_5_3550hryzen_5_4500uryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_3_3700c_firmwareryzen_3_4300uepyc_7003ryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_5_5600ge_firmwareryzen_threadripper_3990xryzen_5_3400g_firmwareryzen_7_2700_firmwareathlon_3150ge_firmwareryzen_5_5600h_firmwareryzen_5_2700xryzen_3_4300geryzen_5_2600_firmwareryzen_7_4700uepyc_7501ryzen_9_5950xryzen_5_3580u_firmwareryzen_5_3600_firmwareryzen_5_4600hryzen_3_3200u_firmwareepyc_7443_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareryzen_3_3300uryzen_threadripper_pro_5945wx_firmwareepyc_7313p_firmwareryzen_5_3550h_firmwareepyc_7252ryzen_5_5600uryzen_7_4800hryzen_5_3450gepyc_7502pepyc_7351p_firmwareryzen_9_4900hryzen_5_5600geryzen_7_3700u_firmwareryzen_7_2700u_firmwareepyc_7601ryzen_3_3780u_firmwareryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_9_5900hs_firmwareepyc_72f3_firmwareepyc_7662epyc_7642ryzen_threadripper_pro_5975wx_firmwareepyc_7502p_firmwareryzen_5_4600h_firmwareepyc_7413ryzen_7_2700xryzen_3_3500cepyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uryzen_9_3900x_firmwareryzen_7_3700uepyc_7251epyc_7351_firmwareepyc_7302pepyc_74f3_firmwareryzen_3_5425uryzen_5_4600gepyc_7763ryzen_threadripper_pro_3955wx_firmwareryzen_9_5980hx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareryzen_7_5825cryzen_3_3500c_firmwareryzen_7_5800uryzen_5_5600g_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_7402p_firmwareryzen_threadripper_2990wxryzen_3_4300ge_firmwareryzen_threadripper_3970xryzen_3_5425c_firmwareepyc_7351ryzen_7_5700xryzen_7_5800hepyc_7543pryzen_threadripper_3970x_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_4800uryzen_7_5700uryzen_7_5700ge_firmwareathlon_3150geepyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareryzen_7_4800u_firmwareepyc_7371_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7573xryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_9_3900xepyc_7232p_firmwareepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareepyc_7373xepyc_7513_firmwareryzen_3_3550h_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_7_3750h_firmwareepyc_7h12_firmwareryzen_threadripper_3960xryzen_3_3700cryzen_5_5560uepyc_75f3epyc_7001ryzen_3_3100epyc_7502epyc_7f72_firmwareepyc_7662_firmwareryzen_7_5700u_firmwareepyc_7343_firmwareryzen_7_3780uepyc_7551ryzen_9_5900hsepyc_7551pepyc_7313pepyc_7002_firmwareryzen_3_3500uryzen_9_5980hsryzen_3_5125c_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_2700ryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_3_3580u_firmwareryzen_5_5625c_firmwareepyc_7352ryzen_5_5625cepyc_7713_firmwareepyc_7742epyc_7272ryzen_7_2700uryzen_5_3450g_firmwareryzen_9_4900hs_firmwareryzen_9_4900h_firmwareryzen_5_4600geepyc_7003_firmwareepyc_7443p_firmwareryzen_7_2800hryzen_7_5800xathlon_3150gryzen_3_3700uepyc_7773xryzen_5_2600x_firmwareryzen_3_5300gryzen_5_5600hs_firmwareepyc_7261_firmwareryzen_3_3350u_firmwareryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareepyc_7742_firmwareryzen_3_3300u_firmwareryzen_threadripper_pro_3795wxryzen_3_3450u_firmwareryzen_7_3800xepyc_7501_firmwareryzen_5_4600uepyc_7301_firmwareathlon_3050ge_firmwareryzen_threadripper_2990wx_firmwareryzen_5_4600u_firmwareryzen_5_5600hryzen_3_5300u_firmwareepyc_7763_firmwareryzen_3_5300uryzen_3_3550hryzen_3_5425cryzen_5_5600gryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3600xtathlon_3050geryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452epyc_7h12ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_5_2600xryzen_5_5625uryzen_3_5300ge_firmwareryzen_threadripper_2920x_firmwareepyc_7401pryzen_7_5700geryzen_3_4300gepyc_7302ryzen_3_5125cepyc_7232pryzen_5_5700gryzen_3_3500u_firmwareryzen_7_4700g_firmwareepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareepyc_7773x_firmwareryzen_5_3600xepyc_7371epyc_7f72ryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_2970wx_firmwareepyc_7473xepyc_7451_firmwareryzen_9_3950x_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7301epyc_7401p_firmwareryzen_5_5700g_firmwareepyc_7351pryzen_3_5300g_firmwareryzen_7_4700ge_firmwareryzen_7_5800u_firmwareryzen_7_4700u_firmwareepyc_7532epyc_7552epyc_7702p_firmwareryzen_3_3700u_firmwareryzen_5_5700ge_firmwareepyc_7302_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_7702pepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_3_3250uepyc_72f3epyc_7643epyc_7452_firmwareryzen_9_3950xryzen_3_3300gepyc_7313_firmwareepyc_7443pryzen_3_3780uryzen_3_3250u_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_5_3500u_firmwareryzen_5_4600ge_firmwareryzen_7_5800hs_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3ryzen_5_5625u_firmwareryzen_3_3350uepyc_73f3AMD Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-10919
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.05%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxSamba
Product-ubuntu_linuxdebian_linuxsambasamba
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0495
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.85%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 23:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Action-Not Available
Vendor-gnupgn/aOracle CorporationRed Hat, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlibgcryptenterprise_linux_workstationtraffic_directorenterprise_linux_desktopansible_towerLibgcrypt before 1.7.10 and 1.8.x before 1.8.3
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39754
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39755
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39756
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39788
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.47%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39744
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39791
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39773
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.47%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39775
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39760
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-39761
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-7006
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 69.73%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswebkitsafarin/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-5753
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-94.30% / 99.94%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 13:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Action-Not Available
Vendor-pepperl-fuchsIntel CorporationCanonical Ltd.openSUSENetApp, Inc.Synology, Inc.VMware (Broadcom Inc.)SUSEPhoenix Contact GmbH & Co. KGDebian GNU/LinuxArm LimitedSiemens AGOracle Corporation
Product-xeon_e3_1271_v3simatic_itc1900xeon_e7xeon_e5_1660_v4xeon_e5_2640_v4cortex-a8_firmwarexeon_e5_1620_v4bl_rackmount_4u_firmwarexeon_silvercortex-a76xeon_e5_2630lcortex-a15_firmwarexeon_e3_1230_v2cortex-r8xeon_e3_1260l_v5bl_ppc15_1000_firmwarecore_m3xeon_e3_1505l_v6xeon_e5_2403_v2xeon_e5_2430l_v2bl2_ppc_1000cortex-a72pentium_jxeon_e5_2428l_v2xeon_e5_2609_v3xeon_e5_2630_v4btc12vl2_ppc_3000xeon_e-1105cxeon_e5_1620xeon_e3_1230_v3xeon_e3_1220_v2xeon_e3_1268l_v3cortex-a73xeon_e3_1270_v5vl2_bpc_7000_firmwarexeon_e3_12201cortex-a77xeon_e3_1258l_v4xeon_e5_1650_v4simatic_winac_rtx_\(f\)_2010_firmwareatom_x5-e3940simatic_itc2200_firmwarexeon_e5_2630l_v2xeon_e5_1620_v3xeon_e3_1275l_v3bl_bpc_3001simatic_itc1500_firmwarecortex-a12_firmwarexeon_e3_1220_v5bl_ppc17_7000dl_ppc15m_7000xeon_e3_1260lvl2_ppc_9000xeon_e5_2630_v2bl_ppc17_1000vl2_bpc_3000_firmwarexeon_e5_2418l_v3bl_ppc_1000bl_rackmount_4ubl2_ppc_1000_firmwarexeon_e5_2418lxeon_e3_1285_v6el_ppc_1000\/m_firmwarexeon_e5_1650xeon_e5_2408l_v3vl2_bpc_1000_firmwarexeon_e5_2420xeon_e5_2608l_v3bl_bpc_2001xeon_e3_1265l_v3xeon_e5_2623_v3xeon_e3_1275_v6xeon_e3_1285_v4simatic_itc1900_firmwarevl2_ppc_1000cortex-a9_firmwarexeon_e5_2430xeon_e5_1428lvs360hd_firmwarexeon_e5_2440xeon_e5_2648l_v4xeon_platinumsuse_linux_enterprise_serverxeon_e3_1280_v3bl_ppc12_1000_firmwarexeon_e5_2407xeonvl2_ppc9_1000_firmwarecortex-a9neoverse_n1_firmwarexeon_e3_1240_v6xeon_e3_1275_v5xeon_e5_1680_v3xeon_e5_2428lxeon_e3_1220cortex-x1_firmwarexeon_e5_2650l_v2vl2_ppc_7000_firmwarexeon_e3_1105c_v2bl_ppc15_7000_firmwarebl2_bpc_2000vs960hd_firmwarecortex-a57xeon_e3_1265l_v2cortex-r7_firmwarevl_ipc_p7000_firmwarexeon_e5_2648lxeon_e5_1660_v3xeon_e3_1280_v2core_i3vl2_ppc_9000_firmwarevl2_ppc_2000_firmwarexeon_e5_2440_v2xeon_e5_2603_v2cortex-a77_firmwarexeon_e3_1240_v5xeon_e3_1241_v3vl2_ppc_1000_firmwarecortex-r7xeon_e5_1428l_v3xeon_e5_2430_v2xeon_e3_1240_v2xeon_e5_2620bl_bpc_3000_firmwarefusionxeon_e5_1650_v3xeon_e5_2609_v2diskstation_managerxeon_e3_1225_v2btc14bl_bpc_7001_firmwarexeon_e5_2430lvl2_bpc_1000xeon_e5_1650_v2xeon_e5_2438l_v3vl_bpc_2000_firmwarexeon_e5_2650xeon_e5_2407_v2xeon_e5_1620_v2cortex-a78ae_firmwarecore_i5xeon_e3_1240_v3workstationbl_ppc15_1000atom_x3el_ppc_1000\/wtxeon_e5_2650lcortex-a72_firmwarebl_ppc17_7000_firmwareceleron_jvl2_ppc7_1000bl_bpc_7000cortex-a78bl_bpc_2000bl2_bpc_1000_firmwarevl2_ppc_2000xeon_e3_1246_v3suse_linux_enterprise_desktopvirtual_machine_managerbtc14_firmwarexeon_e5_2603_v3bl2_ppc_7000xeon_e5_2637xeon_e3xeon_e3_1290_v2xeon_e5_2623_v4dl_ppc15m_7000_firmwarexeon_e5_2637_v4bl2_ppc_2000core_m7xeon_e5_2470el_ppc_1000\/mxeon_e5_2637_v3valueline_ipc_firmwarexeon_e3_1270neoverse_n2bl_ppc15_3000vl_bpc_3000xeon_e3_1225_v3xeon_e5_2450_v2cortex-a17bl_ppc17_1000_firmwarexeon_e3_1285l_v3xeon_e3_1220l_v3xeon_e5_2418l_v2xeon_e5_2603xeon_e5_2648l_v3core_m5xeon_e5_2630_v3xeon_e3_1230l_v3xeon_e3_1268l_v5vl2_ppc9_1000xeon_e3_1278l_v4vl_ipc_p7000vl2_bpc_9000_firmwarebl_ppc_1000_firmwarexeon_e5_2637_v2vl2_ppc12_1000_firmwarexeon_e5dl_ppc18.5m_7000vl2_ppc12_1000xeon_goldxeon_e3_1501l_v6cortex-a57_firmwarexeon_e3_1501m_v6xeon_e5_1680_v4xeon_e5_2650_v3visunet_rm_shellxeon_e3_1226_v3dl_ppc15_1000_firmwarexeon_e5_1660solarisxeon_e5_2630l_v3btc12_firmwarexeon_e3_1280_v5bl_bpc_2001_firmwarexeon_e5_1428l_v2vl_ppc_2000_firmwarerouter_managerbl2_ppc_7000_firmwarexeon_e3_1280xeon_e3_1235skynasdl_ppc21.5m_7000_firmwarexeon_e3_1230_v6xeon_e5_2643xeon_e5_2628l_v3debian_linuxbl_bpc_7000_firmwareel_ppc_1000_firmwarexeon_e3_1240l_v5cortex-a76_firmwarecortex-a73_firmwarevl2_bpc_9000xeon_e5_2618l_v3xeon_bronze_3104xeon_e5_1630_v3vl2_bpc_2000xeon_e3_1270_v2xeon_e5_1660_v2xeon_e5_2420_v2simatic_itc2200_proxeon_e3_1290bl_ppc17_3000_firmwarexeon_e5_2450xeon_e5_2618l_v4el_ppc_1000xeon_e5_2448lxeon_e3_1275_v2dl_ppc18.5m_7000_firmwarevl_ppc_2000leapel_ppc_1000\/wt_firmwarebl_ppc_7000xeon_e5_2650_v2xeon_e5_2403xeon_e5_2428l_v3simatic_itc1900_pro_firmwarecortex-a17_firmwarexeon_e5_2620_v2xeon_bronze_3106xeon_e5_2609neoverse_n1bl_ppc15_3000_firmwarecore_mbl2_ppc_2000_firmwaresimatic_winac_rtx_\(f\)_2010simatic_itc1500vl2_ppc_3000_firmwarexeon_e5_2603_v4esxixeon_e5_2630l_v4xeon_e3_1245_v6xeon_e3_1270_v6xeon_e5_2640_v2simatic_itc1500_proxeon_e3_1231_v3vl_bpc_3000_firmwarevs360hdxeon_e3_1125cbl_bpc_3001_firmwarehcivl2_ppc_7000xeon_e3_1505l_v5simatic_itc1500_pro_firmwarexeon_e5_2643_v3xeon_e5_2620_v4valueline_ipcbl_rackmount_2u_firmwarepentium_nubuntu_linuxbl2_bpc_7000atom_zxeon_e5_2450lcortex-r8_firmwarexeon_e3_1230vl_ppc_3000xeon_e5_2450l_v2xeon_e5_1630_v4bl_bpc_7001simatic_itc2200atom_evl_ppc_3000_firmwareatom_x7-e3950bl2_bpc_2000_firmwarebl2_bpc_7000_firmwarexeon_e3_1230_v5xeon_e5_2648l_v2vl_bpc_1000xeon_e5_2618l_v2xeon_e3_1265l_v4xeon_e3_1281_v3xeon_e3_1276_v3dl_ppc21.5m_7000xeon_e3_1225_v5xeon_e3_1245_v5xeon_e3_1275_v3vl2_bpc_2000_firmwarecortex-a15xeon_e5_2643_v4xeon_e3_1505m_v5atom_cxeon_e3_1286_v3xeon_e3_1245_v2bl_ppc15_7000xeon_e3_1125c_v2atom_x5-e3930vl_bpc_1000_firmwarevl2_bpc_7000xeon_e5_2609_v4vl2_bpc_3000xeon_e5_2650l_v3bl_ppc12_1000vl_bpc_2000xeon_e5_2640xeon_e3_1280_v6bl_bpc_2000_firmwarexeon_e3_1220_v6xeon_e5_2630cortex-x1cortex-a78aexeon_e5_2628l_v2simatic_itc1900_probl_rackmount_2uxeon_e3_1245xeon_e5_2650_v4dl_ppc15_1000xeon_e3_1245_v3xeon_e3_1235l_v5bl_ppc17_3000xeon_e3_1240l_v3local_service_management_systemxeon_e3_1285_v3cortex-a12cortex-a75_firmwarecortex-a75vs960hdxeon_phixeon_e3_1286l_v3cortex-a78_firmwaresimatic_itc2200_pro_firmwarexeon_e5_2628l_v4xeon_e5_2640_v3bl2_bpc_1000xeon_e5_2448l_v2vl2_ppc7_1000_firmwarebl_bpc_3000xeon_e3_1285l_v4xeon_e3_12201_v2xeon_e5_2470_v2xeon_e3_1220_v3xeon_e3_1270_v3celeron_nxeon_e5_2608l_v4xeon_e3_1275xeon_e3_1225xeon_e3_1240cortex-a8bl_ppc_7000_firmwareneoverse_n2_firmwarexeon_e5_2620_v3xeon_e5_2643_v2core_i7xeon_e3_1225_v6solidfiresuse_linux_enterprise_software_development_kitMost Modern Operating Systems
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-38009
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.14% / 77.53%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-5715
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-91.05% / 99.62%
||
7 Day CHG+0.39%
Published-04 Jan, 2018 | 13:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationSiemens AGNetApp, Inc.Intel CorporationCanonical Ltd.Arm Limited
Product-xeon_e3_1230_v3atom_x7-e3950xeon_e3_1505l_v6xeon_phidebian_linuxxeon_e3_1125c_v2xeon_e3_1245_v6xeon_e5_2623_v3xeon_e3_1271_v3xeon_e3_1275_v3xeon_e5_1650communications_diameter_signaling_routersimatic_winac_rtx_\(f\)_2010xeon_e3_1220xeon_e3_1265l_v4core_m5xeon_e5_2603_v4xeon_e5_2407_v2xeon_e3_1285_v4xeon_e5_2630lxeon_e5_2640_v2xeon_e3_1270xeon_e5_1660_v2xeon_e3_1245xeon_e3_1505l_v5xeon_e5_2648lxeon_e5_2450xeon_e5_2609_v2vm_virtualboxxeon_e5_2650xeon_e3_1290xeon_e5_2470_v2xeon_e5_2470xeon_e5_2450l_v2xeon_e5_2630l_v2xeon_e5_2637xeon_e3_1246_v3xeon_e5_2648l_v4xeon_e5_2637_v2xeon_e5_2418l_v3core_i5core_i7xeon_e3xeon_e3_1240_v5xeon_platinumcortex-axeon_e3_1125cxeon_e3_1285_v6xeon_e5_2608l_v4simatic_winac_rtx_\(f\)_firmwarexeon_e5_2643_v4xeon_e5_2650_v2xeon_e5_2650lxeon_e5_1620_v4xeon_e5_1650_v4xeon_e5_2420xeon_e5_2650l_v2xeon_e3_1220l_v3xeon_e3_1278l_v4xeon_e5_2608l_v3xeon_e5_1630_v3xeon_e3_1225xeon_e3_1220_v3xeon_e5_2428l_v2xeon_e7atom_x3xeon_e5_2430lxeon_e3_1275_v6xeon_e3_1275l_v3xeon_e5_1428l_v2xeon_e5_2618l_v2xeon_e5_1428l_v3xeon_e5_2620xeon_e5_1680_v3xeon_e3_1230l_v3xeon_e3_1240l_v3xeon_e3_1230_v5xeon_e5_1650_v2xeon_e5_2603_v2pentium_nxeon_e5_2620_v2xeon_e5_2630_v2xeon_e-1105cxeon_e5_1630_v4xeon_e3_1501m_v6xeon_e5_2407celeron_jxeon_e3_1231_v3xeon_e3_1240l_v5xeon_e3_1260l_v5xeon_e5_2643_v3xeon_e3_1268l_v3atom_zxeon_e5_2438l_v3xeon_e5_2420_v2pentium_jcore_m3xeon_e3_1270_v3xeon_e3_1240_v6xeon_e3_1285l_v4xeon_e3_1501l_v6xeon_e5_2630xeon_e3_1230_v2xeon_e3_1275xeon_e5_2418lxeon_e5_2628l_v3xeon_e3_1105c_v2xeon_e5_2648l_v2xeon_e3_1280_v2xeon_e5_2648l_v3core_i3xeon_e5_2618l_v3xeon_e3_1220_v5xeon_e5_2430_v2xeon_e3_1230_v6xeon_e5_2403_v2celeron_nxeon_e5_1660_v4xeon_e5_2450_v2xeon_e5_2440_v2ubuntu_linuxxeon_e5_2640_v4xeon_e5_2650_v4xeon_e3_1225_v3atom_x5-e3940xeon_e3_1260lxeon_e5_2448lxeon_e3_1235xeon_e5_2628l_v2xeon_e3_1230xeon_e3_1281_v3xeon_e5_1660xeon_e3_1245_v5xeon_e3_1270_v2xeon_e5_2620_v3xeon_e5_2650l_v3core_mxeon_e5_2440xeon_e5_2643_v2xeon_e3_12201atom_ehci_compute_nodexeon_e3_1225_v6xeon_e3_1270_v6xeon_e5_2623_v4xeon_e3_1285_v3xeon_e5xeon_e5_2640_v3xeon_e3_1235l_v5xeon_e5_2609solidfirexeon_e5_2609_v4xeon_e5_2609_v3atom_x5-e3930xeon_e3_12201_v2xeon_e3_1290_v2xeon_e3_1280_v3xeon_e5_2450lxeon_e5_1620_v3xeon_goldxeon_e3_1275_v5xeon_e5_2403xeon_e5_2620_v4xeon_e5_2628l_v4xeon_e5_2618l_v4atom_cxeon_e3_1225_v2xeon_e3_1240xeon_e3_1275_v2xeon_e5_2630l_v3xeon_e3_1220_v6xeon_bronze_3104xeon_e3_1270_v5xeon_e5_2603_v3xeon_bronze_3106xeonxeon_e3_1241_v3xeon_e3_1505m_v5xeon_e3_1220_v2xeon_e5_2430xeon_e3_1280_v6xeon_e3_1258l_v4xeon_e5_1650_v3xeon_e5_1428lxeon_silverxeon_e5_2428lxeon_e5_2630_v3xeon_e3_1225_v5xeon_e5_1620_v2xeon_e3_1245_v3xeon_e3_1268l_v5xeon_e5_2640xeon_e5_2418l_v2xeon_e5_2408l_v3xeon_e5_2430l_v2xeon_e5_2448l_v2xeon_e3_1276_v3xeon_e3_1265l_v3xeon_e5_2428l_v3xeon_e5_2650_v3xeon_e3_1280_v5xeon_e5_2630_v4xeon_e3_1280xeon_e3_1286l_v3xeon_e5_1680_v4xeon_e5_2637_v4xeon_e5_2630l_v4xeon_e5_2643xeon_e5_1620core_m7xeon_e3_1226_v3xeon_e3_1240_v2xeon_e3_1245_v2xeon_e5_2603xeon_e3_1286_v3xeon_e5_2637_v3xeon_e3_1265l_v2hci_management_nodexeon_e5_1660_v3xeon_e3_1285l_v3xeon_e3_1240_v3Microprocessors with Speculative Execution
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20316
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.58%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:25
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190726121

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-29687
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-26314
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative execution with Floating-Point Value Injection

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationFedora ProjectBroadcom Inc.Arm Limited
Product-core_i7-7700kryzen_5_5600xxeon_silver_4214fedoracore_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-51477
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 5.94%
||
7 Day CHG-0.02%
Published-28 Mar, 2025 | 23:51
Updated-07 Jul, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixinfosphere_information_serverwindowslinux_kernelInfoSphere Information Server
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-33149
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.24%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_processors_firmwareatom_processors_firmwarexeon_phi_processors_firmwareitanium_processorspentium_processorsceleron_processorsatom_processorsquark_soc_firmwarecore_processorsceleron_processors_firmwarequark_socitanium_processors_firmwarecore_processors_firmwarexeon_phi_processorsxeon_processorspentium_processors_firmwareIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-43546
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-43095
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0975
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.09%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0988
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0989
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0987
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-1009
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0089
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:07
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationFedora ProjectDebian GNU/Linux
Product-itanium_processorsdebian_linuxcore_processors_firmwarepentium_processors_firmwarefedoraxeon_processors_firmwarexeon_processorsceleron_processorsitanium_processors_firmwarecore_processorsceleron_processors_firmwarepentium_processorsIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-8695
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.26%
||
7 Day CHG-0.03%
Published-12 Nov, 2020 | 18:03
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationFedora ProjectDebian GNU/Linux
Product-xeon_e3-1501m_firmwarepentium_g4500_firmwarepentium_silver_n5000_firmwareceleron_3955u_firmwarexeon_e3-1235lpentium_4415ycore_i3-6300core_i5-1035g7core_i3-6100e_firmwarepentium_gold_g5420xeon_e-2124g_firmwarecore_i7-9700kfpentium_gold_g5420t_firmwarecore_i5-8305g_firmwarecore_i5-7500_firmwarecore_i5-8400hceleron_g3940pentium_gold_g5420_firmwarecore_i5-7y54xeon_e3-1535m_firmwarecore_i7-1060g7_firmwarecore_i3-7007u_firmwarecore_i7-6650u_firmwarecore_i9-9900kfpentium_g4400tceleron_g3920t_firmwarepentium_gold_g5400tcore_i3-10100f_firmwarexeon_e3-1268lcore_i7-8670core_i5-1035g4core_i3-8145ucore_i7-6822eqcore_i5-7210u_firmwarecore_i7-6700tecore_i3-7020ucore_i7-6567u_firmwarecore_i3-8109uxeon_e3-1565l_firmwarecore_i7-7600ucore_i5-9400f_firmwarecore_i5-7y57_firmwarecore_i3-6100t_firmwarecore_i3-7100e_firmwarecore_i3-7100exeon_e3-1275_firmwarecore_i5-6442eq_firmwarecore_i5-8269u_firmwarexeon_e-2278gexeon_e3-1268l_firmwarexeon_e-2134_firmwarecore_i5-6287u_firmwarexeon_e3-1578l_firmwarecore_m5-6y54core_i5-6600kceleron_n4100core_i3-7120t_firmwareceleron_g3940_firmwarecore_i7-7600u_firmwarepentium_g4520_firmwarecore_i5-8400bcore_i7-10610u_firmwarepentium_g4420core_i7-10710u_firmwarecore_i7-7820hkcore_i5-6500te_firmwarecore_i5-8550core_i5-8400h_firmwareceleron_n4120core_i7-6970hqcore_i5-7500ucore_i3-6120tceleron_3865u_firmwarecore_i5-8600xeon_e3-1225xeon_e-2136celeron_g3930tecore_i7-9700kcore_i5-9400_firmwarecore_i7-8500y_firmwareceleron_3865ucore_i3-8100core_i7-1060g7core_i7-7740x_firmwarecore_i9-10900xeon_e3-1545mpentium_g4520t_firmwarecore_m7-6y75xeon_e3-1270_firmwarecore_i5-6600t_firmwareceleron_g4900tcore_m3-6y30fedoraceleron_3855u_firmwarecore_4205ucore_i5-7287u_firmwarecore_i7-7700celeron_g3900te_firmwarecore_i7-7820hq_firmwarecore_i3-7102ecore_i7-7920hq_firmwarecore_i5-8600kxeon_e-2124_firmwarecore_i7-8700k_firmwarecore_i7-8700_firmwarexeon_e3-1220core_i7-8750hceleron_g3900_firmwarecore_i5-8365ucore_i5-9600kfcore_i5-8500b_firmwarepentium_4410ycore_i3-7100u_firmwarecore_i5-7600core_i3-6100h_firmwarexeon_e-2286mcore_i5-1030g4_firmwarecore_i7-10750hcore_i3-7120_firmwarecore_i7-7820eq_firmwarecore_i5-8550_firmwarecore_i3-8300core_i3-1000g4xeon_e-2186gcore_i5-7267u_firmwarecore_i5-7400tpentium_4415y_firmwarexeon_e3-1535mxeon_e3-1505m_firmwarexeon_e-2174gcore_i7-8809gceleron_j4105core_i5-7260ucore_i7-8700bcore_i5-8420_firmwarecore_i3-8000t_firmwarecore_i7-7500u_firmwarecore_i5-7267ucore_i3-8020_firmwarecore_i7-7820hk_firmwarecore_i9-9900kf_firmwarecore_i7-6560uxeon_e3-1505lpentium_g4420tcore_i5-8300hcore_i5-8600t_firmwarecore_i5-6600_firmwareceleron_j4125_firmwarepentium_gold_g5500tpentium_g4400_firmwarecore_i7-8510y_firmwarexeon_e3-1565lcore_i3-7110u_firmwarecore_i5-7300u_firmwarecore_i5-8600_firmwarecore_i5-9600kf_firmwarexeon_e3-1260lcore_i7-7510u_firmwarecore_i7-9750hfceleron_g4920core_i5-9300h_firmwarecore_i3-6167upentium_silver_j5005xeon_e-2278gelcore_i5-8400b_firmwarecore_i7-6700t_firmwarecore_i3-8100_firmwarecore_i7-7740xxeon_e3-1240_firmwarecore_i7-6500ucore_i3-7110ucore_i7-6500u_firmwarecore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287ucore_i7-10710ucore_i5-8500t_firmwarexeon_e3-1558ldebian_linuxcore_i3-7100h_firmwarecore_i5-8300h_firmwarexeon_e-2136_firmwarecore_i5-6300ucore_i7-8565ucore_i5-7300hq_firmwarexeon_e3-1245core_i5-7300hqcore_i7-7560ucore_i7-8706g_firmwarecore_i5-6600k_firmwarepentium_gold_g5420tcore_i3-6110u_firmwarecore_i3-6100hcore_i5-7400t_firmwarecore_i5-6200u_firmwarecore_i3-8100t_firmwarecore_i5-8259upentium_gold_g5500xeon_e-2146g_firmwarecore_i8350kcore_i7-8850h_firmwarecore_m7-6y75_firmwarecore_i7-6700hqpentium_g4500t_firmwarecore_i7-9700kf_firmwarecore_i7-9850h_firmwarecore_i5-6350hqxeon_e3-1515m_firmwarecore_i7-6660u_firmwarecore_i5-7600tcore_i3-6100te_firmwarecore_i5-6350hq_firmwarexeon_e-2278g_firmwarecore_i7-7500ucore_i7-8550ucore_i3-6120_firmwarexeon_e3-1505mcore_i5-6310u_firmwareceleron_j4025core_i5-8310y_firmwarecore_i5-6400_firmwarecore_i7-6650ucore_i5-9300hcore_i5-6210uxeon_e3-1240core_i9-10900_firmwarecore_i7-8559u_firmwarecore_i7-10610ucore_i5-1035g1_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarecore_i3-6100tcore_i7-8500ycore_i5-9400hcore_i7-7567uxeon_e3-1240l_firmwareceleron_g3900e_firmwarecore_i3-8145u_firmwarepentium_4405u_firmwarecore_i3-7367ucore_i3-7340_firmwarecore_i7-7660u_firmwarecore_i7-7820hqcore_i5-6260u_firmwarecore_i5-8210yceleron_g3920tcore_i7-8750h_firmwarecore_i3-6100ecore_i3-8300t_firmwarecore_i3-8109u_firmwarecore_i5-7400_firmwarexeon_e3-1280xeon_e3-1260l_firmwareceleron_3955ucore_i7-9700k_firmwarexeon_e-2288g_firmwareceleron_n4000core_i5-7y54_firmwarepentium_4405y_firmwarecore_i7-6567uxeon_e-2176m_firmwarexeon_e-2174g_firmwarecore_i3-7101ecore_i9-8950hk_firmwarecore_i5-8500core_i7-6870hq_firmwarecore_i3-8000_firmwarecore_i5-7600_firmwarecore_i7-7510ucore_i8130ucore_i7-8510ycore_i5-6267u_firmwarecore_i5-8265ucore_i3-7007ucore_i5-6300hqcore_i3-6110ucore_i5-6440hqcore_i7-7y75pentium_gold_g5400t_firmwarecore_i7-7560u_firmwarecore_i7-6700core_i5-7y57celeron_g3920_firmwarexeon_e-2486g_firmwarepentium_silver_j5040core_i5-7500tcore_i5-9600k_firmwarepentium_gold_g5500_firmwarecore_i8350k_firmwarepentium_gold_g5600celeron_j4125core_i3-6102e_firmwarexeon_e3-1230_firmwarecore_i7-7700kcore_i7-8705gpentium_g4540_firmwarecore_i7-8665ucore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i3-6100u_firmwarecore_i3-8120_firmwarecore_i7-8706gcore_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_e-2126g_firmwarecore_i5-6310ucore_i5-7500u_firmwarecore_i7-8700core_i5-8259u_firmwarexeon_e3-1501lcore_i3-6300tcore_i3-7130u_firmwarecore_i5-8400core_i3-6120core_i7-8705g_firmwarecore_i7-7700tcore_i5-7260u_firmwarepentium_gold_g5500t_firmwarecore_i7-6600u_firmwarecore_i5-7600k_firmwarecore_i7-6770hqcore_i7-8700kxeon_e-2486gcore_i5-7200u_firmwarecore_i5-8600k_firmwarecore_i5-7442eqxeon_e-2134xeon_e3-1545m_firmwarepentium_g4500txeon_e3-1515mcore_i5-1030g7core_i5-7442eq_firmwarexeon_e-2144g_firmwarecore_i3-1000g1core_i5-7360u_firmwarecore_i5-8210y_firmwarecore_i5-6442eqcore_i5-8420tcore_i5-9600kceleron_g3900core_i3-6300_firmwarecore_i7-7700hqceleron_g4900t_firmwarecore_i3-8100hxeon_e3-1225_firmwarecore_i7-6870hqpentium_g4500core_i5-8350ucore_i3-1005g1_firmwareceleron_n4000_firmwarecore_i3-6320t_firmwarecore_i5-7300ucore_i5-6440hq_firmwarecore_m3-6y30_firmwarepentium_4415u_firmwarecore_i5-8500tceleron_3965y_firmwarecore_i5-7500core_i5-6400core_i5-7200upentium_g4540core_i5-8350u_firmwarecore_i7-8700b_firmwareceleron_g3930ecore_i9-8950hkpentium_g4520pentium_4405ucore_i7-6820hq_firmwarecore_i3-6320_firmwarecore_i7-7920hqxeon_e3-1575m_firmwarepentium_g4400t_firmwarepentium_gold_g5600_firmwarecore_i5-8400tcore_i3-6100_firmwarexeon_e3-1578lcore_i5-8420core_i7-8670tceleron_j4105_firmwarecore_i7-6660ucore_i7-10750h_firmwarexeon_e3-1240lceleron_3965uceleron_g4920_firmwarepentium_silver_n5000core_i3-6120t_firmwarecore_i5-6500_firmwarecore_i3-7100hcore_i3-7101te_firmwarexeon_e3-1220_firmwarecore_i5-6500t_firmwarexeon_e3-1501l_firmwarecore_i9-9900kxeon_e-2176gpentium_gold_g5400_firmwarecore_i3-6320tcore_i7-8709gcore_i7-7y75_firmwarecore_i5-8200y_firmwarecore_i7-8550u_firmwareceleron_j4025_firmwarecore_i5-1035g7_firmwarepentium_silver_j5040_firmwarecore_i3-7120pentium_g4420t_firmwarecore_i5-6287ucore_i5-7640x_firmwarecore_i5-9400core_m3-8100y_firmwarecore_i3-8100tpentium_4415ucore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-6700k_firmwarecore_i5-8650k_firmwarexeon_e-2278ge_firmwarecore_i5-7500t_firmwarecore_i7-8700tcore_i7-6820hk_firmwarecore_i7-6820hqcore_i5-7400xeon_e3-1501mcore_i7-8650ucore_i3-7102e_firmwarexeon_e3-1585_firmwarecore_m3-7y30_firmwarexeon_e3-1245_firmwarexeon_e-2286m_firmwarecore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-6167u_firmwarexeon_e3-1585core_i3-6100ucore_i7-6700_firmwarecore_i3-7320t_firmwarepentium_g4400tecore_i5-1035g1pentium_silver_n5030xeon_e3-1280_firmwarecore_i7-6510u_firmwarecore_i7-8565u_firmwarecore_i7-6822eq_firmwarexeon_e-2186g_firmwarecore_i8130u_firmwarecore_i5-1035g4_firmwarecore_i5-8500bxeon_e-2124gcore_i5-7600t_firmwarecore_i5-8269ucore_i5-7440hq_firmwarecore_i5-1030g4xeon_e-2288gcore_i5-6300hq_firmwarecore_i7-8709g_firmwarepentium_g4520tceleron_3965u_firmwareceleron_g3930e_firmwarecore_5405u_firmwarecore_i7-9850hcore_i5-9400fcore_i7-6700kcore_i3-8000core_i3-6320celeron_n4100_firmwarecore_i3-7320tcore_i5-7440eqcore_i7-6820eq_firmwarepentium_4410y_firmwarepentium_silver_j5005_firmwareceleron_g3900tcore_i3-8000tceleron_g3920core_i5-6400tcore_i3-7100ucore_i3-7101tecore_i5-7600kcore_m5-6y57core_i5-8250ucore_i3-1000g4_firmwarecore_5405uxeon_e-2126gcore_i7-6920hq_firmwarecore_i7-7820eqxeon_e3-1275core_i5-7360ucore_i5-6500core_i3-7340core_i7-8650u_firmwarexeon_e3-1235l_firmwarecore_i5-6200ucore_i7-8670t_firmwarecore_m3-8100ycore_i9-9900k_firmwarecore_i7-7700k_firmwarecore_i7-6700hq_firmwarecore_i5-8650_firmwarecore_i5-8250u_firmwareceleron_n4120_firmwarecore_i7-7567u_firmwareceleron_g3902e_firmwarecore_i5-8400_firmwarecore_i7-8670_firmwarexeon_e-2176mcore_i7-6970hq_firmwarecore_i7-7700hq_firmwarecore_i7-6820hkpentium_g4400core_i5-7440eq_firmwarecore_i3-1000g1_firmwarecore_i7-9750hf_firmwarecore_i5-8400t_firmwarecore_i5-6400t_firmwarecore_i3-6102ecore_i5-8365u_firmwarecore_i7-6700te_firmwarecore_i5-6600tpentium_g4420_firmwarecore_i3-8020core_i7-6510upentium_silver_n5030_firmwarecore_i5-6360u_firmwarecore_i3-8100h_firmwarexeon_e-2278gcore_i7-8850hcore_i5-7210ucore_i3-7130uceleron_j4005_firmwarecore_i5-8265u_firmwarecore_i3-10100fcore_i7-6560u_firmwarecore_i3-8300_firmwarecore_i7-6820eqcore_i7-1065g7_firmwareceleron_g3930te_firmwarexeon_e3-1558l_firmwarecore_i5-8650core_i5-6500tecore_m3-7y30core_4205u_firmwarecore_i5-8500_firmwarecore_i5-6210u_firmwareceleron_n4020_firmwarecore_i5-6300u_firmwarecore_i7-8809g_firmwarexeon_e3-1575mxeon_e3-1230core_i7-7700t_firmwarecore_i9-9980hk_firmwareceleron_g4900core_i5-9400h_firmwarecore_i5-1030g7_firmwarepentium_4405ycore_i5-8420t_firmwarecore_i5-8200ypentium_gold_g5400celeron_g3900t_firmwarecore_i3-6100core_i5-8310ycore_i5-7640xceleron_n4020celeron_g4900_firmwarexeon_e-2278gel_firmwarecore_i5-7440hqxeon_e-2144gcore_i5-6360ucore_m5-6y54_firmwarexeon_e3-1505l_firmwarecore_i3-6300t_firmwarecore_m5-6y57_firmwarecore_i5-8650kceleron_g3900ecore_i7-7700_firmwarecore_i7-6770hq_firmwarecore_i5-6267uceleron_3965ypentium_g4400te_firmwareceleron_g3900tecore_i3-1005g1celeron_j4005core_i3-7020u_firmwarecore_i3-7101e_firmwareceleron_3855ucore_i5-6440eqcore_i3-7367u_firmwarecore_i5-6440eq_firmwarecore_i5-8600tcore_i7-1065g7core_i5-8305gcore_i9-9980hkcore_i7-8559uxeon_e-2146gcore_i3-6100texeon_e3-1270xeon_e3-1585l_firmwarexeon_e3-1585lIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-46392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG-0.03%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Action-Not Available
Vendor-n/aArm LimitedFedora Project
Product-fedorambed_tlsn/a
CWE ID-CWE-203
Observable Discrepancy
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found