Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-42474

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-12 Aug, 2024 | 17:01
Updated At-12 Aug, 2024 | 19:28
Rejected At-
Credits

Streamlit Path Traversal Security Vulnerability on Windows

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:12 Aug, 2024 | 17:01
Updated At:12 Aug, 2024 | 19:28
Rejected At:
▼CVE Numbering Authority (CNA)
Streamlit Path Traversal Security Vulnerability on Windows

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

Affected Products
Vendor
streamlit
Product
streamlit
Versions
Affected
  • < 1.37.0
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
x_refsource_CONFIRM
https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3
x_refsource_MISC
Hyperlink: https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:12 Aug, 2024 | 17:15
Updated At:16 Sep, 2024 | 14:30

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CPE Matches
snowflake
snowflake
>>streamlit>>Versions before 1.37.0(exclusive)
cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE-22Secondarysecurity-advisories@github.com
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-22
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3security-advisories@github.com
Patch
https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

707Records found
CVE-2024-41765
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:36
Updated-21 Mar, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing directory traversal

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-28148
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Action-Not Available
Vendor-Microsoft CorporationJenkins
Product-continuous_integration_with_toad_edgewindowsJenkins Continuous Integration with Toad Edge Plugin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-4593
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.87%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 12:31
Updated-01 Oct, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in BVRP Software SLmail

Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.

Action-Not Available
Vendor-seattlelabBVRP SoftwareMicrosoft Corporation
Product-windowsslmailSLmail
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21683
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.08%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 22:10
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.

Action-Not Available
Vendor-Microsoft CorporationJenkins
Product-windowsjenkinsJenkins
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-54169
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.42%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:54
Updated-07 Jul, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX path traversal

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-52363
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.06%
||
7 Day CHG+0.01%
Published-17 Jan, 2025 | 02:01
Updated-11 Mar, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server directory traversal

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverlinux_kernelwindowsInfoSphere Information Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-23838
Matching Score-10
Assigner-SolarWinds
ShareView Details
Matching Score-10
Assigner-SolarWinds
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 72.79%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-database_performance_analyzerwindowsDatabase Performance Analyzer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-43482
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.46% / 87.06%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook for iOS Information Disclosure Vulnerability

Microsoft Outlook for iOS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookOutlook for iOS
CWE ID-CWE-285
Improper Authorization
CVE-2024-43481
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.96% / 87.90%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Power BI Report Server Spoofing Vulnerability

Power BI Report Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_bi_report_serverPower BI Report Server - May 2024
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38258
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.27% / 78.64%
||
7 Day CHG-0.44%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-23
Relative Path Traversal
CVE-2019-19362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 02:52
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationTeamViewer
Product-windowsteamviewern/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2024-38204
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-5.36% / 89.69%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 22:46
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Imagine Cup site Information Disclosure Vulnerability

Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_functionsMicrosoft Azure Functions
CWE ID-CWE-284
Improper Access Control
CVE-2021-41332
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-16.12% / 94.54%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Information Disclosure Vulnerability

Windows Print Spooler Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2019-1487
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.40% / 86.92%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-authentication_libraryMicrosoft Authentication Library (MSAL) for Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39087
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.35%
||
7 Day CHG-0.07%
Published-16 Aug, 2022 | 18:46
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelhp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-1443
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-15.08% / 94.31%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-1376
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-1313
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-38931
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.81%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncNetApp, Inc.Oracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixoncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-39019
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:15
Updated-25 Mar, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-engineering_lifecycle_optimization_-_publishingengineering_lifecycle_optimization_publishingwindowslinux_kernelEngineering Lifecycle Optimization Publishing
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38206
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.85% / 85.68%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Information Disclosure Vulnerability

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-38975
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CVE-2021-39033
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 16:15
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-33783
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-13.69% / 94.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Information Disclosure Vulnerability

Windows SMB Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2024-26226
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Distributed File System (DFS) Information Disclosure Vulnerability

Windows Distributed File System (DFS) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20680
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.39% / 86.91%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-09 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Message Queuing Client (MSMQC) Information Disclosure

Windows Message Queuing Client (MSMQC) Information Disclosure

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 1607Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 22H2Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2019Windows Server 2022Windows 10 Version 1809Windows 11 version 22H3Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-20660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.67% / 87.43%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:57
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing Information Disclosure Vulnerability

Microsoft Message Queuing Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21314
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.68% / 88.90%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:57
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing Information Disclosure Vulnerability

Microsoft Message Queuing Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31173
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31965
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-4.08% / 88.10%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2022-42343
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41122
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.75% / 85.41%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CVE-2022-41097
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.75% / 85.41%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CVE-2024-30053
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.42% / 79.79%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Migrate Cross-Site Scripting Vulnerability

Azure Migrate Cross-Site Scripting Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_migrateAzure Migrate
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30043
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-44.23% / 97.46%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-38033
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.50% / 89.84%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-29683
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-37959
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.29% / 88.40%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability

Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2016Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019
CVE-2022-36772
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 17:00
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CVE-2021-28442
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-13.69% / 94.00%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Information Disclosure Vulnerability

Windows TCP/IP Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28328
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-11.53% / 93.35%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-19 Nov, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Information Disclosure Vulnerability

Windows DNS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28323
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-12.48% / 93.66%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Information Disclosure Vulnerability

Windows DNS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2021-28325
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-18.60% / 95.01%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Information Disclosure Vulnerability

Windows SMB Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-27067
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-12.33% / 93.61%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverteam_foundation_serverTeam Foundation Server 2015 Update 4.2Azure DevOps Server 2019 Update 1Azure DevOps Server 2020Azure DevOps Server 2019 Update 1.1Azure DevOps Server 2019.0.1Team Foundation Server 2018 Update 1.2Team Foundation Server 2018 Update 3.2Team Foundation Server 2017 Update 3.1
CVE-2021-27052
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-8.86% / 92.18%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:46
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016
CVE-2021-26859
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:35
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power BI Information Disclosure Vulnerability

Microsoft Power BI Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_bi_report_serverPower BI Report Server version 15.0.1103.234Power BI Report Server version 15.0.1104.300
CVE-2022-34882
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.13% / 33.35%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 06:30
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability in RAID Manager Storage Replication Adapter

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Action-Not Available
Vendor-Docker, Inc.Hitachi, Ltd.Microsoft Corporation
Product-dockerwindowsraid_manager_storage_replication_adapterRAID Manager Storage Replication Adapter
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-21424
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 70.73%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Compute Gallery Elevation of Privilege Vulnerability

Azure Compute Gallery Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_galleryAzure Compute Gallery
CWE ID-CWE-284
Improper Access Control
CVE-2024-20663
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.67% / 87.43%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:57
Updated-03 Jun, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Message Queuing Client (MSMQC) Information Disclosure

Windows Message Queuing Client (MSMQC) Information Disclosure

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows 10 Version 1507Windows 11 version 22H2Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 11 version 21H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2021-24082
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.14% / 88.18%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability

Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 14
  • 15
  • Next
Details not found