Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-45329

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Jun, 2026 | 00:34
Updated At-10 Jun, 2026 | 16:32
Rejected At-
Credits

ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:10 Jun, 2026 | 00:34
Updated At:10 Jun, 2026 | 16:32
Rejected At:
▼CVE Numbering Authority (CNA)
ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

Affected Products
Vendor
espressif
Product
esp-idf
Versions
Affected
  • = 6.0
  • = 5.5.4
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
CWECWE-125CWE-125: Out-of-bounds Read
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm
x_refsource_CONFIRM
https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Jun, 2026 | 02:16
Updated At:11 Jun, 2026 | 18:04

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CPE Matches

espressif
espressif
>>esp-idf>>5.5.4
cpe:2.3:a:espressif:esp-idf:5.5.4:*:*:*:*:*:*:*
espressif
espressif
>>esp-idf>>6.0
cpe:2.3:a:espressif:esp-idf:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarysecurity-advisories@github.com
CWE-125Primarysecurity-advisories@github.com
CWE-200Primarysecurity-advisories@github.com
CWE ID: CWE-20
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-125
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-200
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192fsecurity-advisories@github.com
Patch
https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406bsecurity-advisories@github.com
Patch
https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6security-advisories@github.com
Patch
https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqmsecurity-advisories@github.com
Mitigation
Patch
Vendor Advisory
Hyperlink: https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm
Source: security-advisories@github.com
Resource:
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

52Records found

CVE-2020-13594
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.76% / 50.63%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 14:58
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

Action-Not Available
Vendor-espressifn/a
Product-esp-idfesp32n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45798
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.77% / 51.07%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 18:08
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.

Action-Not Available
Vendor-espressifarduino
Product-arduino-esp32arduino_core
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-12588
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.19% / 64.17%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 11:30
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Action-Not Available
Vendor-espressifn/a
Product-esp8266_nonos_sdkarduino_esp8266n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-18558
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.39% / 30.96%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 12:49
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.

Action-Not Available
Vendor-espressifn/a
Product-esp-idfn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-46532
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.23% / 13.48%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 00:35
Updated-11 Jun, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESF-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-45160
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 15.78%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 00:26
Updated-11 Jun, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-45328
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.13% / 2.66%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 00:33
Updated-11 Jun, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. This issue has been patched in versions 5.5.5 and 6.0.1.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25508
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 10.52%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 17:58
Updated-20 Feb, 2026 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66409
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.55% / 42.18%
||
7 Day CHG+0.02%
Published-02 Dec, 2025 | 18:09
Updated-13 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-65092
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.12%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 21:33
Updated-25 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.

Action-Not Available
Vendor-espressif
Product-esp-idf
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-42484
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.25%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 14:12
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESP-NOW OOB Vulnerability In Group Type Message

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in memory corruption related attacks. Normally there are two fields in the group information that need to be checked, i.e., the addrs_num field and the addrs_list fileld. Since we only checked the addrs_list field, an attacker can send a group type message with an invalid addrs_num field, which will cause the message handled by the firmware to be much larger than the current buffer, thus causing a memory corruption issue that goes beyond the payload length.

Action-Not Available
Vendor-espressifespressif
Product-esp-nowesp-now
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-9539
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
ShareView Details
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 1.32%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 04:37
Updated-24 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libslirp TCP URG OOB Read Information Leak

An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

Action-Not Available
Vendor-freedesktop.org
Product-libslirp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21465
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 0.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-28 Nov, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in Core

Information disclosure while processing the hash segment in an MBN file.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn9000_firmwareqca8072_firmwaresdx80msdx55sm4125qam8650psnapdragon_x72_5g_modem-rf_systemqcn5121sa6155psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_7c\+_gen_3_compute_firmwaresnapdragon_8\+_gen_2_mobile_platformsnapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwareqfw7124_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresdx61aqt1000snapdragon_8cx_compute_platform_\(sc8180x-ab\)qdx1011snapdragon_8_gen_2_mobile_platform_firmwaresm7325p_firmwareqxm8083_firmwareqcn9022_firmwareqam8255p_firmwaresrv1l_firmwarevision_intelligence_400_platformsa8150p_firmwareqcf8000sfpqcm8550_firmwareqamsrv1h_firmwaresnapdragon_auto_4g_modemsd855wcd9341_firmwaresd_8_gen1_5gsnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_845_mobile_platformqca8075wcd9306_firmwarewcd9385_firmwareqcm6490_firmwaresa7255p_firmwareqcn9072snapdragon_x62_5g_modem-rf_systemqcn6412_firmwareqcs4290qcs4290_firmwareqca6335_firmwareqca6584au_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_x72_5g_modem-rf_system_firmwaresd_675_firmwaresnapdragon_x62_5g_modem-rf_system_firmwaresm8635p_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqcm8550snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwareqcn9024sc8380xp_firmwarewsa8815sm7315qcs8300srv1hqcm4490_firmwaresnapdragon_855_mobile_platformvideo_collaboration_vc5_platformwcd9326_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)snapdragon_480_5g_mobile_platform_firmwareqca6421_firmwaresm8550p_firmwarevideo_collaboration_vc3_platform_firmwareqca6574au_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)qcm4290_firmwaresnapdragon_662_mobile_platform_firmwaresnapdragon_wear_1300_platform_firmwareqca6595au_firmwaresnapdragon_460_mobile_platformsnapdragon_8_gen_2_mobile_platformqcc7225_firmwareqdx1010qsm8250_firmwarecsra6620wcn3980qca6584auipq5312sd662_firmwarevision_intelligence_300_platform_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresa8145p_firmwareqcn6224_firmwaresm8750_firmwareqcm2290smart_audio_400_platformsa8155pqcm6125sa8540p_firmwarewcd9385qca4024_firmwarewcd9380_firmwareqca8386_firmwareqsm8250qcn5124_firmwaresm8750pwcn6450snapdragon_680_4g_mobile_platformsnapdragon_675_mobile_platformqcf8000sfp_firmwaresc8180x\+sdx55_firmwareipq9048wcn7880ipq6028sg8275p_firmwareqca8337_firmwaresd662wcn3988_firmwarecsra6640_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwareqca6698aqsnapdragon_x70_modem-rf_systemsxr2130_firmwareqsm8350_firmwareipq9554_firmwaresnapdragon_x24_lte_modemsm7675psm6250fastconnect_6800qca6574a_firmware9205_lte_modemwsa8832_firmwaresa8650psa2150p_firmwaresxr2230p_firmwaresnapdragon_690_5g_mobile_platform_firmwareqca6678aq_firmwaresm6250_firmwareqsm8350qcn9070snapdragon_680_4g_mobile_platform_firmwaresm8550pwcd9378_firmwareqcn9013_firmwarewcn7881_firmwareqcn6023_firmwareqcn9274_firmwareqca6431_firmwaressg2115p_firmwaresm7315_firmwarefastconnect_6900_firmwareqca6678aqwsa8835_firmwaresa8295psc8380xpqdx1011_firmwaresdx55_firmwaresd730snapdragon_xr1_platform_firmwarewcn3988sa8540pqca6696_firmwarevision_intelligence_300_platformqca8084snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqcs4490_firmwaresm7675_firmwareqcn5022qcn9012snapdragon_662_mobile_platformsxr2250pwcn6755_firmwaresxr2330p_firmwarewsa8810_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcc7226_firmwarewcn6650wcd9360qdu1110_firmwareqcm4325ipq9554wsa8840snapdragon_778g_5g_mobile_platformqdu1110csr8811ipq9574wsa8840_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqcc711_firmwareipq6000qdu1000sm7250p_firmwarewcn3950_firmwareqcn5122_firmwarewsa8845hqrb5165msnapdragon_auto_5g_modem-rf_firmwareqca6310snapdragon_780g_5g_mobile_platform_firmwaresdx57mssg2125p_firmwaresxr1120_firmwaresnapdragon_720g_mobile_platform_firmwareqcn9274snapdragon_865_5g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)sm7325pqca0000qcm4290qcn6024_firmwareqcs9100qfw7114snapdragon_665_mobile_platform_firmwareqca6421wcd9370_firmwaresnapdragon_855_mobile_platform_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)ar8035_firmwareqcn9000srv1lwsa8845sdx80m_firmwareimmersive_home_326_platformwcn7860_firmwareqamsrv1hqru1062sm8750snapdragon_xr2_5g_platformsa6150p_firmwaresg4150p_firmwarewcn3910_firmwaresm8750p_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresg8275pqca4004fastconnect_7800_firmwareqxm8083qru1052_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)qca9984sxr2230psa8620p_firmwaresnapdragon_ar2_gen_1_platformqcs7230snapdragon_850_mobile_compute_platform_firmwaresnapdragon_695_5g_mobile_platformrobotics_rb2_platform_firmwaresa8770pqrb5165nsrv1m_firmwarewcd9375qca6574_firmwaresnapdragon_x24_lte_modem_firmwaresa6145p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqca6430qca6391_firmwareqdu1000_firmwarewcn6755snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwaresd_8cx_firmwareipq9570_firmwaresnapdragon_8_gen_3_mobile_platformqcn5052qca6688aq_firmwareqcf8001qcn5124ipq5300sw5100p_firmwaresnapdragon_850_mobile_compute_platformsa6155_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"snapdragon_x75_5g_modem-rf_systemwcn7861sa8775pwcn6650_firmwareqcn5022_firmwareimmersive_home_326_platform_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)qca6431sd_8cxfastconnect_6800_firmwarewcd9375_firmwareimmersive_home_3210_platformqcn9074_firmwareqca6564auqca6595auqcc710ssg2125pqamsrv1mqca8085_firmwaresnapdragon_710_mobile_platformsnapdragon_wear_1300_platformsnapdragon_ar2_gen_1_platform_firmwareqfw7114_firmwareqru1032_firmwareqts110_firmwaresm8635psnapdragon_670_mobile_platformsnapdragon_x50_5g_modem-rf_system_firmwareqcs9100_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqca6174a_firmwaresm4635qca6564a_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresw5100talynplus_firmwarewsa8830qcn5122csrb31024wsa8830_firmwareqcn6023qca6430_firmwaresa8155p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)_firmwareqcm6490c-v2x_9150_firmwaresnapdragon_xr2_5g_platform_firmwaresd865_5g_firmwareqca6436_firmwareqca6595wcn3999ipq9574_firmwaresnapdragon_750g_5g_mobile_platformwcd9380smart_audio_400_platform_firmwaresnapdragon_xr1_platform315_5g_iot_modem_firmwareqca6564qcs6490_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwareqca6310_firmwareipq6000_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresd670_firmwareqca6420_firmwareqca6688aqwcd9340_firmwareqamsrv1m_firmwaresnapdragon_720g_mobile_platformsnapdragon_730g_mobile_platform_\(sm7150-ab\)ar8031qcs8550sxr1120qca9984_firmwareqep8111_firmwareqcn5021_firmwaresdx65msdx61_firmwaresnapdragon_x50_5g_modem-rf_systemsnapdragon_w5\+_gen_1_wearable_platformsnapdragon_665_mobile_platformsm4635_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcd9360_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqam8295pssg2115psm7675qep8111qca6391csr8811_firmwaresa8295p_firmware9205_lte_modem_firmwareqcs6490ipq9570qcc7226wsa8810qcs610qts110qcn9160_firmwaresnapdragon_xr2\+_gen_1_platformqdu1010_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150pvideo_collaboration_vc5_platform_firmwareqru1062_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm6370sd_8_gen1_5g_firmwarewcd9378snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareipq6028_firmwaresa8530pqcs8300_firmwareqca8386snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwareqcs8250_firmwarewcn7880_firmwaresnapdragon_730g_mobile_platform_\(sm7150-ab\)_firmwareqcn6274snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)sa8150pqcs610_firmwaresnapdragon_x70_modem-rf_system_firmwareqca6797aqqam8650p_firmwareipq6005qca6564asnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)sw5100_firmwareqcs410ipq6005_firmwareqcn6024qca9377_firmwareqca8075_firmwareqca6574asnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)wcn3999_firmwareqca6564_firmwareqca8082_firmwareqca6436wsa8845_firmwareqrb5165n_firmwarewcd9340wcd9341sa7255pqca6426_firmwareqcs8155_firmwaresd460snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwarefastconnect_6200snapdragon_7c_compute_platform_\(sc7180-ac\)sd888snapdragon_x35_5g_modem-rf_systemsnapdragon_675_mobile_platform_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwareimmersive_home_3210_platform_firmwareipq6018wsa8832aqt1000_firmwaresnapdragon_ar1_gen_1_platform_firmwaresd675_firmwareqcc7225qdu1210sdx65m_firmwareqcn6224snapdragon_7c\+_gen_3_computesnapdragon_ar1_gen_1_platformsm6250pqcs2290sdx57m_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)snapdragon_670_mobile_platform_firmwarewcd9370qca8081_firmwareqcc710_firmwareqca6698aq_firmwarecsra6640wcd9306snapdragon_712_mobile_platformqcn9013sa4150psw5100psc8180x\+sdx55wcn7860sm7250psm6650qcs5430qcs2290_firmwaresa8145pwsa8845h_firmwarewcd9395_firmwaresd670wcd9371snapdragon_x35_5g_modem-rf_system_firmwaresa8195psa9000psnapdragon_4_gen_1_mobile_platformipq6010snapdragon_712_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformqcn9072_firmwarewcd9390ar8035sa8775p_firmwaresm7675p_firmwareqcn7606_firmwareqam8775pqcm2290_firmwaremdm9205svision_intelligence_400_platform_firmwareqca6797aq_firmwareqcs8250qca6564au_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwaresnapdragon_730_mobile_platform_\(sm7150-aa\)sa8650p_firmwaremdm9205s_firmwareqcn9011_firmwareqcc711snapdragon_678_mobile_platform_\(sm6150-ac\)wcn7881robotics_rb3_platform_firmwaresxr2250p_firmwaresnapdragon_780g_5g_mobile_platformsrv1mqcn9012_firmwarecsra6620_firmwarewcd9395qcs410_firmwareqcn5052_firmwareqcm4490qru1052robotics_rb2_platformsnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwareqca8085qdu1210_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)qca4004_firmwaresxr1230pqcc7228_firmwarewcn7861_firmwareqca9377qcn7606fastconnect_6700_firmwaresa8155_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwarefastconnect_6700snapdragon_730_mobile_platform_\(sm7150-aa\)_firmwareipq5300_firmwarewcn3980_firmwareqca6696qcm5430_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)sxr2330pqcs8550_firmwarerobotics_rb5_platformqca6426qdx1010_firmwaresa4155p_firmwareipq9008qcn9074qcn9011snapdragon_8\+_gen_1_mobile_platformqca8084_firmwareqcf8000qcn5121_firmwaresa2150pqam8295p_firmwarewcn3910qcf8001_firmwaresm7635_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_4_gen_2_mobile_platformwcd9326snapdragon_x55_5g_modem-rf_systemsnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_8_gen_1_mobile_platformqdu1010snapdragon_865_5g_mobile_platform_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwaresa8155snapdragon_695_5g_mobile_platform_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn9022qcm6125_firmwaresdx71m_firmwareqca6574wcn6740_firmwaresa8255p_firmwareqcn6412ipq5332qcs7230_firmwaresa6155sxr1230p_firmwaresd855_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)ipq5302qcn9160sdx71msnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmwarerobotics_rb5_platform_firmwarevideo_collaboration_vc1_platform_firmwareqcn6432snapdragon_ar1_gen_1_platform_\"luna1\"snapdragon_765_5g_mobile_platform_\(sm7250-aa\)qcs8155sd675sa7775pvideo_collaboration_vc1_platformqcn6402qcn6402_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_8_gen_1_mobile_platform_firmwareqcs4490flight_rb5_5g_platform_firmwaresa8620pwcn6450_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_auto_5g_modem-rfqcc7228sm6370_firmwareqrb5165m_firmwareqca6595_firmwareqam8775p_firmwaresa8195p_firmwaresnapdragon_x65_5g_modem-rf_systemqcn6432_firmwarewcn6740qca8081sm7635qcm4325_firmwareqcn5152qcn5152_firmwaresnapdragon_732g_mobile_platform_\(sm7150-ac\)wcd9335_firmwaresd888_firmwaresm8635sa7775p_firmwarecsrb31024_firmwareipq5302_firmwaresnapdragon_750g_5g_mobile_platform_firmwarewcd9335wsa8815_firmwareipq5312_firmwaresa9000p_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9390_firmwarefastconnect_6900qam8255pvideo_collaboration_vc3_platformqcn6274_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)fastconnect_6200_firmwarewsa8835sd865_5grobotics_rb3_platformqca8072flight_rb5_5g_platformsa6150pqam8620pipq6010_firmwaresnapdragon_732g_mobile_platform_\(sm7150-ac\)_firmwaresm4125_firmwarear8031_firmwareqcn9070_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwareqcn9024_firmwaresa6155p_firmwarec-v2x_9150qca4024ipq9008_firmwarewcn3950sm6650_firmwaresa4155psrv1h_firmwareqca8082fastconnect_7800qcs6125_firmwareqcf8000_firmwareqfw7124sd_675qcs6125qcn5021sa6145pqcm5430talynplussa8530p_firmwaresd730_firmwaresm6250p_firmwareqcn6422_firmwareqcn6422qca6174asnapdragon_7c_compute_platform_\(sc7180-ac\)_firmwareqca6335snapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)ipq9048_firmwareqca8337qru1032sd460_firmwareqca0000_firmwareqam8620p_firmware315_5g_iot_modemwcn3990_firmwaresnapdragon_auto_4g_modem_firmwarewcd9371_firmwarewcn3990qca6574auipq6018_firmwareqcs5430_firmwaresa8770p_firmwareqca6420sxr2130ipq5332_firmwaresa8255psm8635_firmwareSnapdragon
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21464
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 0.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-28 Nov, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in Core

Information disclosure while reading data from an image using specified offset and size parameters.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn9000_firmwareqca8072_firmwaresdx80msdx55sm4125qam8650psnapdragon_x72_5g_modem-rf_systemqcn5121sa6155psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_7c\+_gen_3_compute_firmwaresnapdragon_8\+_gen_2_mobile_platformsnapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwareqfw7124_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresdx61aqt1000snapdragon_8cx_compute_platform_\(sc8180x-ab\)qdx1011snapdragon_8_gen_2_mobile_platform_firmwaresm7325p_firmwareqxm8083_firmwareqcn9022_firmwareqam8255p_firmwaresrv1l_firmwarevision_intelligence_400_platformsa8150p_firmwareqcf8000sfpqcm8550_firmwareqamsrv1h_firmwaresnapdragon_auto_4g_modemsd855wcd9341_firmwaresd_8_gen1_5gsnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_845_mobile_platformqca8075wcd9306_firmwarewcd9385_firmwareqcm6490_firmwaresnapdragon_x62_5g_modem-rf_systemqcn9072sa7255p_firmwareqcn6412_firmwareqcs4290qcs4290_firmwareqca6335_firmwareqca6584au_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_x62_5g_modem-rf_system_firmwaresd_675_firmwaresm8635p_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqcm8550snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwareqcn9024sc8380xp_firmwarewsa8815sm7315qcs8300srv1hqcm4490_firmwaresnapdragon_855_mobile_platformvideo_collaboration_vc5_platformwcd9326_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)snapdragon_480_5g_mobile_platform_firmwareqca6421_firmwaresm8550p_firmwarevideo_collaboration_vc3_platform_firmwareqca6574au_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)qcm4290_firmwaresnapdragon_662_mobile_platform_firmwaresnapdragon_wear_1300_platform_firmwareqca6595au_firmwaresnapdragon_460_mobile_platformsnapdragon_8_gen_2_mobile_platformqdx1010qsm8250_firmwarecsra6620wcn3980qca6584auipq5312sd662_firmwarevision_intelligence_300_platform_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresa8145p_firmwareqcn6224_firmwaresm8750_firmwareqcm2290smart_audio_400_platformsa8155pqcm6125sa8540p_firmwarewcd9385qca4024_firmwarewcd9380_firmwareqca8386_firmwareqsm8250qcn5124_firmwaresm8750pwcn6450snapdragon_680_4g_mobile_platformsnapdragon_675_mobile_platformqcf8000sfp_firmwaresc8180x\+sdx55_firmwareipq9048wcn7880ipq6028sg8275p_firmwareqca8337_firmwaresd662wcn3988_firmwarecsra6640_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwareqca6698aqsnapdragon_x70_modem-rf_systemqsm8350_firmwareipq9554_firmwaresnapdragon_x24_lte_modemsm7675psm6250fastconnect_6800qca6574a_firmware9205_lte_modemwsa8832_firmwaresa8650psa2150p_firmwaresxr2230p_firmwaresnapdragon_690_5g_mobile_platform_firmwareqca6678aq_firmwaresm6250_firmwareqsm8350qcn9070snapdragon_680_4g_mobile_platform_firmwaresm8550pwcd9378_firmwareqcn9013_firmwarewcn7881_firmwareqcn6023_firmwareqcn9274_firmwareqca6431_firmwaressg2115p_firmwaresm7315_firmwarefastconnect_6900_firmwareqca6678aqwsa8835_firmwaresa8295psc8380xpqdx1011_firmwaresdx55_firmwaresd730wcn3988sa8540pqca6696_firmwarevision_intelligence_300_platformqca8084snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqcs4490_firmwaresm7675_firmwareqcn5022qcn9012snapdragon_662_mobile_platformsxr2250pwcn6755_firmwaresxr2330p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewsa8810_firmwarewcn6650wcd9360qdu1110_firmwareipq9554wsa8840qcm4325snapdragon_778g_5g_mobile_platformqdu1110csr8811ipq9574wsa8840_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqcc711_firmwareipq6000qdu1000sm7250p_firmwarewcn3950_firmwareqcn5122_firmwarewsa8845hqrb5165msnapdragon_auto_5g_modem-rf_firmwareqca6310snapdragon_780g_5g_mobile_platform_firmwaresdx57mssg2125p_firmwaresnapdragon_720g_mobile_platform_firmwareqcn9274snapdragon_865_5g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)sm7325pqca0000qcn6024_firmwareqcm4290qcs9100qfw7114snapdragon_665_mobile_platform_firmwareqca6421wcd9370_firmwaresnapdragon_855_mobile_platform_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)ar8035_firmwareqcn9000srv1lwsa8845sdx80m_firmwareimmersive_home_326_platformwcn7860_firmwareqamsrv1hqru1062sm8750snapdragon_xr2_5g_platformsa6150p_firmwaresg4150p_firmwarewcn3910_firmwaresm8750p_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresg8275pqca4004fastconnect_7800_firmwareqxm8083qru1052_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)qca9984sxr2230psa8620p_firmwaresnapdragon_ar2_gen_1_platformqcs7230snapdragon_850_mobile_compute_platform_firmwaresnapdragon_695_5g_mobile_platformrobotics_rb2_platform_firmwaresa8770pqrb5165nsrv1m_firmwarewcd9375qca6574_firmwaresnapdragon_x24_lte_modem_firmwaresa6145p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqca6430qca6391_firmwareqdu1000_firmwarewcn6755snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwaresd_8cx_firmwareipq9570_firmwaresnapdragon_8_gen_3_mobile_platformqcn5052qca6688aq_firmwareqcf8001qcn5124ipq5300sw5100p_firmwaresnapdragon_850_mobile_compute_platformsa6155_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"snapdragon_x75_5g_modem-rf_systemwcn7861sa8775pwcn6650_firmwareqcn5022_firmwareimmersive_home_326_platform_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)qca6431sd_8cxfastconnect_6800_firmwarewcd9375_firmwareimmersive_home_3210_platformqcn9074_firmwareqca6564auqca6595auqcc710ssg2125pqamsrv1mqca8085_firmwaresnapdragon_wear_1300_platformsnapdragon_ar2_gen_1_platform_firmwareqfw7114_firmwareqru1032_firmwareqts110_firmwaresm8635psnapdragon_670_mobile_platformsnapdragon_x50_5g_modem-rf_system_firmwareqcs9100_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqca6174a_firmwaresm4635qca6564a_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresw5100talynplus_firmwarewsa8830qcn5122csrb31024wsa8830_firmwareqcn6023qca6430_firmwaresa8155p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)_firmwareqcm6490c-v2x_9150_firmwaresnapdragon_xr2_5g_platform_firmwaresd865_5g_firmwareqca6436_firmwareqca6595wcn3999ipq9574_firmwaresnapdragon_750g_5g_mobile_platformwcd9380smart_audio_400_platform_firmware315_5g_iot_modem_firmwareqcs6490_firmwareqca6564snapdragon_888_5g_mobile_platform_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwareqca6310_firmwareipq6000_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresd670_firmwareqca6420_firmwareqca6688aqwcd9340_firmwareqamsrv1m_firmwaresnapdragon_720g_mobile_platformsnapdragon_730g_mobile_platform_\(sm7150-ab\)ar8031qcs8550qca9984_firmwareqep8111_firmwarewcn3950qcn5021_firmwaresdx65msnapdragon_x50_5g_modem-rf_systemsdx61_firmwaresnapdragon_w5\+_gen_1_wearable_platformsnapdragon_665_mobile_platformsm4635_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcd9360_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqam8295pssg2115psm7675qep8111qca6391csr8811_firmwaresa8295p_firmware9205_lte_modem_firmwareqcs6490ipq9570wsa8810qcs610qts110qcn9160_firmwaresnapdragon_xr2\+_gen_1_platformqdu1010_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150pvideo_collaboration_vc5_platform_firmwareqru1062_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm6370sd_8_gen1_5g_firmwarewcd9378snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareipq6028_firmwaresa8530pqcs8300_firmwareqca8386snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwareqcs8250_firmwarewcn7880_firmwaresnapdragon_730g_mobile_platform_\(sm7150-ab\)_firmwareqcn6274snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)sa8150pqcs610_firmwaresnapdragon_x70_modem-rf_system_firmwareqca6797aqqam8650p_firmwareipq6005qca6564asnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)sw5100_firmwareqcs410ipq6005_firmwareqcn6024qca9377_firmwareqca8075_firmwareqca6574asnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)wcn3999_firmwareqca6564_firmwareqca8082_firmwareqca6436wsa8845_firmwareqrb5165n_firmwarewcd9340wcd9341sa7255pqca6426_firmwareqcs8155_firmwaresd460snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwarefastconnect_6200snapdragon_7c_compute_platform_\(sc7180-ac\)sd888snapdragon_x35_5g_modem-rf_systemsnapdragon_675_mobile_platform_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwareimmersive_home_3210_platform_firmwareipq6018wsa8832aqt1000_firmwaresnapdragon_ar1_gen_1_platform_firmwaresd675_firmwareqdu1210sdx65m_firmwareqcn6224snapdragon_7c\+_gen_3_computesnapdragon_ar1_gen_1_platformsm6250pqcs2290sdx57m_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)snapdragon_670_mobile_platform_firmwarewcd9370qca8081_firmwareqcc710_firmwareqca6698aq_firmwarecsra6640wcd9306qcn9013sa4150psw5100psc8180x\+sdx55wcn7860sm7250psm6650qcs5430qcs2290_firmwaresa8145pwsa8845h_firmwarewcd9371sd670wcd9395_firmwaresnapdragon_x35_5g_modem-rf_system_firmwaresa8195psa9000psnapdragon_4_gen_1_mobile_platformipq6010snapdragon_888_5g_mobile_platformqcn9072_firmwarewcd9390ar8035sa8775p_firmwaresm7675p_firmwareqcn7606_firmwareqam8775pqcm2290_firmwaremdm9205svision_intelligence_400_platform_firmwareqca6797aq_firmwareqcs8250qca6564au_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwaresnapdragon_730_mobile_platform_\(sm7150-aa\)sa8650p_firmwaremdm9205s_firmwareqcn9011_firmwareqcc711snapdragon_678_mobile_platform_\(sm6150-ac\)wcn7881robotics_rb3_platform_firmwaresxr2250p_firmwaresnapdragon_780g_5g_mobile_platformsrv1mqcn9012_firmwarecsra6620_firmwarewcd9395qcs410_firmwareqcn5052_firmwareqcm4490qru1052robotics_rb2_platformsnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwareqca8085qdu1210_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)qca4004_firmwaresxr1230pwcn7861_firmwareqca9377qcn7606fastconnect_6700_firmwaresa8155_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwarefastconnect_6700snapdragon_730_mobile_platform_\(sm7150-aa\)_firmwareipq5300_firmwareqca6696wcn3980_firmwareqcm5430_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)sxr2330pqcs8550_firmwarerobotics_rb5_platformqca6426qdx1010_firmwaresa4155p_firmwareipq9008qcn9074qcn9011snapdragon_8\+_gen_1_mobile_platformqca8084_firmwareqcf8000qcn5121_firmwaresa2150pqam8295p_firmwarewcn3910qcf8001_firmwaresm7635_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_4_gen_2_mobile_platformwcd9326snapdragon_x55_5g_modem-rf_systemsnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_8_gen_1_mobile_platformqdu1010snapdragon_865_5g_mobile_platform_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwaresa8155snapdragon_695_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn9022qcm6125_firmwaresdx71m_firmwareqca6574wcn6740_firmwaresa8255p_firmwareqcn6412ipq5332qcs7230_firmwaresa6155sxr1230p_firmwaresd855_firmwareipq5302snapdragon_782g_mobile_platform_\(sm7325-af\)qcn9160sdx71msnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmwarerobotics_rb5_platform_firmwarevideo_collaboration_vc1_platform_firmwareqcn6432snapdragon_ar1_gen_1_platform_\"luna1\"snapdragon_765_5g_mobile_platform_\(sm7250-aa\)qcs8155sd675sa7775pvideo_collaboration_vc1_platformqcn6402qcn6402_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_8_gen_1_mobile_platform_firmwareqcs4490flight_rb5_5g_platform_firmwaresa8620pwcn6450_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_auto_5g_modem-rfsm6370_firmwareqrb5165m_firmwareqca6595_firmwareqam8775p_firmwaresa8195p_firmwaresnapdragon_x65_5g_modem-rf_systemqcn6432_firmwarewcn6740qca8081sm7635qcm4325_firmwareqcn5152qcn5152_firmwaresnapdragon_732g_mobile_platform_\(sm7150-ac\)wcd9335_firmwaresd888_firmwaresm8635sa7775p_firmwarecsrb31024_firmwareipq5302_firmwaresnapdragon_750g_5g_mobile_platform_firmwarewcd9335wsa8815_firmwareipq5312_firmwaresa9000p_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9390_firmwarefastconnect_6900qam8255pvideo_collaboration_vc3_platformqcn6274_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)fastconnect_6200_firmwarewsa8835sd865_5grobotics_rb3_platformqca8072flight_rb5_5g_platformsa6150pqam8620pipq6010_firmwaresnapdragon_732g_mobile_platform_\(sm7150-ac\)_firmwaresm4125_firmwarear8031_firmwareqcn9070_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwareqcn9024_firmwaresa6155p_firmwarec-v2x_9150qca4024ipq9008_firmwaresa4155psm6650_firmwaresrv1h_firmwaresxr2130_firmwareqca8082fastconnect_7800qcs6125_firmwareqcf8000_firmwareqfw7124sd_675qcs6125qcn5021sa6145pqcm5430talynplussa8530p_firmwaresd730_firmwaresm6250p_firmwareqcn6422_firmwareqcn6422qca6174aqca6335qca8337snapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)ipq9048_firmwaresnapdragon_7c_compute_platform_\(sc7180-ac\)_firmwareqru1032sd460_firmwareqca0000_firmwareqam8620p_firmware315_5g_iot_modemsnapdragon_auto_4g_modem_firmwarewcd9371_firmwarewcn3990_firmwarewcn3990qca6574auipq6018_firmwareqcs5430_firmwaresa8770p_firmwareqca6420sxr2130ipq5332_firmwaresa8255psm8635_firmwareSnapdragon
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22226
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-1.68% / 74.06%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 11:56
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-25||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-telco_cloud_platformworkstationesxifusioncloud_foundationtelco_cloud_infrastructureESXiVMware Telco Cloud PlatformVMware Cloud FoundationVMware FusionVMware WorkstationVMware Telco Cloud InfrastructureESXi, Workstation, and Fusion
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40523
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 1.69%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure in Kernel

Information disclosure in Kernel due to indirect branch misprediction.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaresm6250p_firmwareqcs610sc8180x-ab_firmwareqca8337qca6431_firmwareqam8775pwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_x70_modem-rf_systemqca6335sm8350sdm670csra6620_firmwaresd_675_firmwarecsra6640_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwareqam8295pwcn3950qcn6024_firmwaresm4125sd_8_gen1_5g_firmwaresm6375_firmwaresm7150-acqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420snapdragon_xr2\+_gen_1_platformsc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsc8180xp-aa_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqca4004_firmwaresd662_firmwaresm7250-ab_firmwareqca6430robotics_rb3_platformwcd9306_firmwarewcd9340qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255pqca6431qca6696_firmwaresc8180xp-ab_firmwarewcd9371sc8180x-abqca6797aqwcn3910_firmwaresm4350_firmwaresd_8cxsa8150pqca4004sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwaresa8295p_firmwaresnapdragon_675_mobile_platform_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaressg2125pqca6564au9205_lte_modemsd670_firmwareqca6574snapdragon_7c\+_gen_3_computewcd9380sc8180xp-aaqcs410sm7150-aa_firmwaresxr1230psc8180xp-ad_firmwaresc8180x-ac_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qcs8250qca6426_firmwaresm4450qca9984sc8180x-adqcn9024wcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresa8295psm7150-aa9205_lte_modem_firmwaresm6350wcn6740_firmwareqca6421_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresm6350_firmwareqca6797aq_firmwarewcn785x-1_firmwaresd670qcn9024_firmwareqca6564a_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemsc8180xp-ac_firmwarewsa8832sa8540pqcs610_firmwareqsm8250sa6145par8031qcs4490qca6595_firmwaresc8280xp-bbqca6391_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675ssg2115p_firmwareqam8255par8035_firmwareqcm2290qsm8250_firmwareqcn7606wcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresm6125snapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresd730_firmwarewcd9370sd675_firmwaressg2115pqca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377sm8450sm8250-absd_8cx_firmwarewcd9385_firmwarewcd9326_firmwaresd662qam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemsa9000p_firmwaresdx55_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwaresm4350-acqrb5165nwcd9306qca6564au_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwaresm6225snapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwaresm8250_firmwarevision_intelligence_300_platform_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwareqca6421sm7250-aasm6250wsa8810_firmwaresm4375_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adwcd9326wcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwareqca8081qcm4490qca6174a_firmwareqcs4290_firmwaresnapdragon_wear_1300_platform_firmwaresxr2130_firmwarewcd9385qcs6490_firmwaresm7150-absc8180x-acqca6390wcd9375ar8035aqt1000sm6250_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsm8150wsa8815_firmwareqcm6490wsa8835_firmwaresm7350-abqca6564awcn785x-1qcm2290_firmwarewcn3990sd_675sd865_5gqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresc7180-ad_firmwaresa8540p_firmwaresd_8_gen1_5gsm6250psc8180xp-acsxr2130ssg2125p_firmwareqca6574asmart_audio_400_platformwcn685x-5_firmwaresc8180x-afqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresa9000pqca6574_firmwaresm7250-absd855sm4125_firmwaresm7325p_firmwaresxr2230psdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwaresc8280xp-ab_firmwareaqt1000_firmwareqcm4490_firmwareqcm4290qcm6490_firmwarewsa8832_firmwarewcn685x-5qcn9011sm6225_firmwaresc8180xp-af_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresc8180x-aa_firmwaresm7250-acsm8150-ac_firmwaresnapdragon_ar2_gen_1_platformsc8180x-aasm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformsc8180x-af_firmwarewcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsc8180xp-abqcn6024sc8180x-ad_firmwaresm7250pqcs410_firmwaresnapdragon_wear_1300_platformsm7325_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-29901
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-4.95% / 91.11%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Action-Not Available
Vendor-Debian GNU/LinuxIntel CorporationVMware (Broadcom Inc.)Xen ProjectFedora Project
Product-core_i7-6920hqcore_i3-6167u_firmwarecore_i7-8705gcore_i7-8665ucore_i3-6100ucore_i3-8300tcore_i7-8510y_firmwarecore_i7-6700_firmwarecore_i7-6600ucore_i3-6100u_firmwarecore_i7-8706gcore_i3-8120_firmwarecore_i3-6300core_i5-8600_firmwarecore_i7-6510u_firmwarecore_i7-8565u_firmwarecore_i7-6822eq_firmwarecore_i3-6100e_firmwarecore_i3-8350k_firmwarecore_i7-8700t_firmwarecore_i5-8305g_firmwarecore_i3-6167ucore_i5-8500bcore_i5-6310ucore_i5-8269ucore_i5-8259u_firmwarecore_i5-8400hcore_i3-6300tcore_i7-8700core_i3-6120core_i5-8400core_i7-8705g_firmwarecore_i5-8400b_firmwarecore_i5-6300hq_firmwarecore_i7-6700t_firmwarecore_i3-8100_firmwarecore_i7-8709g_firmwarecore_i7-6500ucore_i7-6600u_firmwarecore_i7-6500u_firmwarecore_i7-6770hqcore_i3-6320core_i7-6700kcore_i7-8700kcore_i3-8000core_i3-8120core_i7-6650u_firmwarecore_i7-8560u_firmwarecore_i7-6820eq_firmwarecore_i5-8500t_firmwaredebian_linuxcore_i7-8670core_i7-8560ucore_i3-8145ucore_i5-8300h_firmwarecore_i5-8600k_firmwarecore_i7-6822eqcore_i3-8130u_firmwarecore_i3-8000tcore_i7-6700tecore_i5-6400tcore_i7-6567u_firmwarecore_i5-6300ucore_i3-8109ucore_i7-8565ucore_m5-6y57core_i3-6100t_firmwarecore_i5-8250ucore_i7-8569u_firmwarecore_i7-8706g_firmwarecore_i5-6442eq_firmwarecore_i7-6920hq_firmwarecore_i5-8269u_firmwarecore_i5-6600k_firmwarecore_i5-8550ucore_i3-6110u_firmwarecore_i3-6100hcore_i5-6287u_firmwarecore_i5-6200u_firmwarecore_i3-8100t_firmwarecore_i5-8259ucore_i5-8210y_firmwarecore_m5-6y54core_i5-6442eqcore_i5-6600kcore_i5-8420tcore_i5-6500core_i7-8650u_firmwarecore_i3-6300_firmwarecore_i5-8400bcore_i7-8850h_firmwarecore_m7-6y75_firmwarecore_i5-6200ucore_i7-8670t_firmwarecore_i7-6700hq_firmwarecore_i7-6700hqcore_m3-8100ycore_i5-6500te_firmwarecore_i3-8100hcore_i5-8650_firmwarecore_i5-8250u_firmwarecore_i7-6870hqcore_i5-8400_firmwarecore_i5-6350hqcore_i5-8550core_i7-6970hq_firmwarecore_i7-8670_firmwarecore_i5-8400h_firmwarecore_i7-6970hqcore_i7-6660u_firmwarecore_i7-6820hkcore_i5-8350ucore_i3-6100te_firmwarecore_i3-6320t_firmwarecore_i3-6120tcore_i5-6440hq_firmwarecore_m3-6y30_firmwarecore_i5-6350hq_firmwarecore_i5-8600core_i7-8550ucore_i5-8400t_firmwarecore_i5-8500tcore_i7-8500y_firmwarecore_i3-6102ecore_i3-6120_firmwarecore_i5-6400t_firmwarecore_i5-8365u_firmwarecore_i5-6310u_firmwarecore_i7-6700te_firmwarecore_i3-8100core_i5-6400core_i5-8310y_firmwarecore_i5-6600tcore_i3-8020core_i7-6650ucore_i7-6510ucore_i5-6360u_firmwarecore_i3-8100h_firmwarecore_i5-6400_firmwarecore_m7-6y75core_i5-6600t_firmwarecore_i5-8350u_firmwarecore_m3-6y30core_i5-6210ucore_i7-8700b_firmwarefedoracore_i7-8559u_firmwarecore_i7-8850hcore_i9-8950hkcore_i5-8265u_firmwarecore_i7-8665u_firmwarecore_i7-6560u_firmwarecore_i7-6820hq_firmwarecore_i3-6100tcore_i7-6820eqcore_i3-6320_firmwarecore_i3-8300_firmwarecore_i7-8500ycore_i5-8600kcore_i3-8145u_firmwarecore_i7-8700k_firmwarecore_i5-8400tcore_i5-8650core_i7-8700_firmwarecore_i7-8750hcore_i3-6100_firmwarecore_i5-6500tecore_i5-8365ucore_i5-8420core_i7-8670tcore_i7-6700tcore_i5-6260u_firmwarecore_i5-8210ycore_i7-6660ucore_i5-8500b_firmwarecore_i7-8750h_firmwarecore_i5-8500_firmwarecore_i3-6100h_firmwarecore_i3-6100ecore_i3-8300t_firmwarecore_i3-8109u_firmwarecore_i5-6210u_firmwarecore_i5-6300u_firmwarecore_i3-6120t_firmwarecore_i7-8809g_firmwarecore_i7-8557u_firmwarecore_m5-6y57_firmwarecore_i7-8750hfcore_i5-6500_firmwarecore_i5-8550_firmwarecore_i5-8420t_firmwarecore_i5-6500t_firmwarecore_i3-8300core_i7-6567ucore_i5-8200ycore_i7-8750hf_firmwarecore_i3-6100core_i5-8310ycore_i7-8809gcore_i9-8950hk_firmwarecore_i5-8500core_i7-6870hq_firmwarecore_i3-8000_firmwarecore_m5-6y54_firmwarecore_i5-6360ucore_i3-6320tcore_i7-8700bcore_i7-8709gcore_i5-8420_firmwarecore_i3-6300t_firmwarecore_i7-8550u_firmwarecore_i3-8000t_firmwarecore_i5-6287ucore_i5-8200y_firmwarecore_i5-8550u_firmwarecore_i5-8650kcore_i7-8510ycore_i7-8569ucore_i5-6267u_firmwarexencore_i7-6770hq_firmwarecore_i5-8265ucore_i3-6110ucore_i3-8100tcore_i5-6267ucore_i5-6300hqcore_m3-8100y_firmwarecore_i3-8020_firmwarecore_i5-6260ucore_i5-6440hqcore_i5-6500tcore_i7-6700k_firmwarecore_i5-8650k_firmwarecore_i7-8557ucore_i7-6560ucore_i7-6700core_i7-6820hk_firmwarecore_i7-8700tcore_i3-8350kcore_i5-6440eqcore_i5-8300hcore_i7-6820hqcore_i5-6440eq_firmwarecore_i5-8600t_firmwarecore_i5-8305gcore_i5-8600tcore_i7-8559ucore_i7-8650ucore_i3-6100tecore_i5-6600_firmwarecore_i3-8130ucore_i5-6600esxicore_i3-6102e_firmwareIntel Microprocessors
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-8305
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 1.16%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 07:58
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in Identity Agent Debug Files

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-Identity Awareness
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-10756
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 39.75%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 15:34
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Action-Not Available
Vendor-libslirp_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxopenstackenterprise_linuxlibslirpleapSlirp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-3182
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.78%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 18:04
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-Hawkhawk
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-22270
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-0.51% / 39.45%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 12:59
Updated-27 Jun, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Action-Not Available
Vendor-N/AApple Inc.VMware (Broadcom Inc.)
Product-fusionworkstationmacosVMware WorkstationVMware Fusionworkstationfusion
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21989
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 36.24%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:43
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-workstationwindowshorizon_clientVMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-22269
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-0.51% / 39.45%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 12:59
Updated-27 Jun, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Action-Not Available
Vendor-N/AApple Inc.VMware (Broadcom Inc.)
Product-fusionworkstationmacosVMware WorkstationVMware Fusionvmware_workstationfusion
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-1798
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-8.7||HIGH
EPSS-0.36% / 27.95%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 15:45
Updated-21 Apr, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal vulnerability in Kubevirt

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

Action-Not Available
Vendor-kubevirtGoogle LLC
Product-kubevirtKubevirt
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-0093
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.96%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gaming
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-17393
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 20:20
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.

Action-Not Available
Vendor-Parallels International Gmbh
Product-parallels_desktopDesktop
CWE ID-CWE-20
Improper Input Validation
CVE-2023-4135
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.41% / 32.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 13:19
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read information disclosure vulnerability

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Action-Not Available
Vendor-n/aQEMUFedora ProjectRed Hat, Inc.
Product-qemufedoraExtra Packages for Enterprise LinuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6qemu-kvmRed Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.16%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Management Infrastructure Information Disclosure Vulnerability

Open Management Infrastructure Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-system_center_operations_managerSystem Center Operations Manager (SCOM) 2019System Center Operations Manager (SCOM) 2022System Center Operations Manager (SCOM) 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-34044
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-0.20% / 10.47%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 08:56
Updated-02 Aug, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure vulnerability in bluetooth device-sharing functionality

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Action-Not Available
Vendor-Apple Inc.VMware (Broadcom Inc.)
Product-workstationfusionmac_os_xFusionWorkstation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-0267
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2021-32847
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.37% / 28.84%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

Action-Not Available
Vendor-mobyprojectmoby
Product-hyperkithyperkit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-5552
Matching Score-4
Assigner-Sophos Limited
ShareView Details
Matching Score-4
Assigner-Sophos Limited
CVSS Score-7.1||HIGH
EPSS-0.50% / 39.12%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 23:29
Updated-13 Sep, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

Action-Not Available
Vendor-Sophos Ltd.
Product-firewallSophos Firewall
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-20680
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9845
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 33.46%
||
7 Day CHG~0.00%
Published-29 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35070
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.40%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs6125_firmwarewcn3980qcs6125wcn3950wcd9375wcd9370_firmwarewsa8815sd665sd665_firmwarewcn3950_firmwarewsa8815_firmwarewsa8810_firmwareqcm6125wsa8810wcd9375_firmwarewcn3980_firmwarewcd9370qcm6125_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35080
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.40%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwaresd680_firmwarewcn3991_firmwarewcn3991wsa8830sw5100pqcs2290_firmwareqcm4290sd480_firmwaresd662_firmwarewcn3988_firmwarewsa8835qcs4290wcn3950_firmwarewsa8810_firmwareqcm4290_firmwareqcs2290sd480sd680sw5100wsa8810sw5100p_firmwarewcd9370qcs4290_firmwarewcd9385sd695_firmwarewcn3980wcn3998wcd9385_firmwarewcn3950sm4125wcn3910_firmwarewcd9375wcd9370_firmwaresm4125_firmwarewsa8815sd662wcn3910wsa8830_firmwaresd460_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresd695sw5100_firmwarewcd9375_firmwarewcn3980_firmwarewcn3998_firmwaresd460qcm2290Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-8304
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 1.16%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 07:57
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in Identity Agent Registry Keys

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-Identity Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 30.07%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 15:00
Updated-26 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

Action-Not Available
Vendor-n/aXen ProjectRed Hat, Inc.
Product-enterprise_linuxxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20295
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.74%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.

Action-Not Available
Vendor-n/aQEMU
Product-qemuQEMU
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40525
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 1.69%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Linux Networking Firmware

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6005qca8072qcn9070qcn9274qcn9000qcn5052qcn9070_firmwareqca8084ipq6028_firmwareipq6010ipq9008qcn9074qca4024_firmwareqca8082qca8085ipq9574qca8386qcn5122qcn9024_firmwareqcn9072csr8811_firmwareqcn5121_firmwareipq6000qca8081qca8075_firmwareipq6005_firmwareipq6018qcn5022qcn5152_firmwareqcn6023qca8085_firmwareipq6010_firmwareqca8072_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareipq9008_firmwareqcn6024_firmwareipq6018_firmwareqca4024csr8811qca8386_firmwareqca8084_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qcn9072_firmwareqca8082_firmwareipq6000_firmwareipq6028qcn5021qcn5121qcn5122_firmwareqcn5152ipq9574_firmwareqca8081_firmwareqcn5022_firmwareqcn6023_firmwareqcn9024qcn9074_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-30338
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.16% / 5.40%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:10
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdxr1_firmwaresd850_firmwaresd850sdxr1Snapdragon Compute
CWE ID-CWE-20
Improper Input Validation
CVE-2021-30278
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.14% / 4.09%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678qcn9070sa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarewsa8830qcs2290_firmwarefsm10056qca8337sd7c_firmwarecsrb31024csra6620fsm10055_firmwareqcn9072qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresa6155ipq6000sd690_5gsd730_firmwarecsra6620_firmwarewcd9370sd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377sa415msd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950qcn6024_firmwaresd720gsm6375_firmwaresd662sd460_firmwaresa8155qca6574au_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwarewcd9306sm6225wcn3999sa515m_firmwareqcs6490qrb5165_firmwaresdxr2_5gqcn5052sa8155_firmwareipq6010qca4004_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwarewcd9306_firmwarewcd9340sa8195psd765gsd765_firmwarefsm10056_firmwareqca6436wcn6851wcd9335sa6155pqca8081qcn6023qca6174a_firmwareqcs4290_firmwarewcd9385qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarear8035csr8811qca6390sd_8cxsa8150psd750g_firmwaresm6250_firmwarewcd9375wcn3910_firmwareqca4004wsa8830_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qcx315qcn5022_firmwareqca6564awcn6750_firmwareqca8072qcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990qcn9000sd_675sd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwarewsa8835qca6574qcx315_firmwaresd665_firmwarecsr8811_firmwarewcd9380sd888_5gsd850sm6250pqcs410qca8075_firmwareqca6574asd690_5g_firmwareipq6005_firmwarewcn6855_firmwareqca6174asm7325psdx24_firmwareqca8072_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980wcn6750ipq6018_firmwaremdm9205sa515mqca6574_firmwarewcd9340_firmwaresm7325p_firmwaresd665sd7cwcn3910wcn6850sd765qca6426_firmwareqca6574a_firmwareqca9984ipq6028qcn5021qcn5152qcn9024sd768g_firmwaresd850_firmwarewcn3980_firmwaresd460qca6391sd730sdx55mipq6005sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290qcm6490_firmwareqcn9070_firmwareqrb5165sd480_firmwarewcn6851_firmwareipq6028_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcn5122qca6564a_firmwareqcn9024_firmwareqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855qcs610_firmwaremdm9150wcn6856qsm8250ipq6018qcn5022sa6145pqca6564_firmwareipq6010_firmwarear8031sd768gqcs405_firmwaresa8145pqca6696mdm9205_firmwareqca6391_firmwarewcd9370_firmwaresa6150psdx55qca8075qcn5021_firmwareqcn9022_firmwarecsra6640qcn6024qcn9022sa8155psd675qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareqcn9074_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CVE-2024-29074
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 7.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-12 Mar, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telephony has an improper input validation vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2025-29781
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.56%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 21:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription`. Prior to versions 0.8.1 and 0.9.1, an adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a `BMCEventSubscription` in his authorized namespace and then load Secrets from his unauthorized namespaces to his authorized namespace via the Baremetal Operator, causing Secret Leakage. The patch makes BMO refuse to read Secrets from other namespace than where the corresponding BMH resource is. The patch does not change the `BMCEventSubscription` API in BMO, but stricter validation will fail the request at admission time. It will also prevent the controller reading such Secrets, in case the BMCES CR has already been deployed. The issue exists for all versions of BMO, and is patched in BMO releases v0.9.1 and v0.8.1. Prior upgrading to patched BMO version, duplicate any existing Secret pointed to by `BMCEventSubscription`'s `httpHeadersRef` to the same namespace where the corresponding BMH exists. After upgrade, remove the old Secrets. As a workaround, the operator can configure BMO RBAC to be namespace scoped, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces, and/or use `WATCH_NAMESPACE` configuration option to limit BMO to single namespace.

Action-Not Available
Vendor-metal3-io
Product-baremetal-operator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CVE-2025-27040
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 0.16%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 03:17
Updated-21 Oct, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in TZ Firmware

Information disclosure may occur while processing the hypervisor log.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq8076a_firmwareqcn9001ipq5010pmp8074qcn5064_firmwareipq8078a_firmwareipq8078aqcn9022_firmwareqcn9070_firmwareqcn9012ipq5028_firmwareqca8075qcn6024_firmwareqcn9074_firmwareqca8075_firmwareipq8074_firmwareqcn5052_firmwareipq9008qca8081_firmwareqcn9003qca8081qcn6112_firmwarepmp8074_firmwareqcn5054ipq8072a_firmwarecsr8811immersive_home_318_platform_firmwareqcn5550ipq8070aqcn9001_firmwareqcn5164qcn9002ipq8076qcn9072_firmwareqcn9100_firmwareqcn9070qcn5154_firmwareqcn5164_firmwareqca6438qcn6023qca4024_firmwareqcn6023_firmwareimmersive_home_214_platformipq8173_firmwareipq8174_firmwareqcn9012_firmwareqcn5154qcn5124immersive_home_316_platformqcn6024ipq9574ipq8173qca9984_firmwareqcn5152_firmwareqcn5152qcn6100_firmwareqcn6100ipq8070_firmwarecsr8811_firmwareqca4024ipq8071a_firmwareqcn5054_firmwareqcn5550_firmwareqcn6102qcn9000_firmwareqcn5024_firmwareqca6438_firmwareqca9984qcn6132ipq8071aqcn6112ipq8174ipq8072qcn9024ipq8070a_firmwareqcn9022ipq8078qca9889ipq8074aqca9888immersive_home_216_platformqcn6132_firmwareqca6428sdx55immersive_home_216_platform_firmwareimmersive_home_318_platformqcn9072qcn5122qca8072sdx55_firmwareipq5010_firmwareipq8074a_firmwareipq8078_firmwareqcn9003_firmwareqcn9024_firmwareipq8076aqcn6102_firmwareqca6428_firmwareqcn9000ipq8070qcn9274qca9889_firmwareipq8071immersive_home_316_platform_firmwareqca6694ipq8072aipq8072_firmwareqca9888_firmwareqcn5022qcn9100ipq8074qcn5022_firmwareipq9008_firmwareqcn5052qca6694_firmwareipq8076_firmwareqcn9274_firmwareimmersive_home_214_platform_firmwareqcn5124_firmwareqcn6122ipq5028ipq9574_firmwareqcn5122_firmwareqcn6122_firmwareqcn5064qcn9002_firmwareqca8072_firmwareipq8071_firmwareqcn9074qcn5024Snapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27244
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.65%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 21:05
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925.

Action-Not Available
Vendor-Parallels International Gmbh
Product-parallels_desktopDesktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48319
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.32%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 16:56
Updated-12 Mar, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Host secret disclosed in Checkmk logs

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21988
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 36.24%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:35
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-workstationwindowshorizon_clientVMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-21987
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 42.46%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:34
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-workstationwindowshorizon_clientVMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3990
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.22%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 16:17
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workstation_playerhorizon_clientworkstation_proVMware Workstation and Horizon Client for Windows
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • Next
Details not found