CVE-2025-20643

MEDIUM Year: 2025
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-1295
View all →

Vulnerability Description

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.

Related Vulnerabilities

CVE-2021-31412

MEDIUM
CVSS:5.3(Medium)

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), ...

CWE-12952021

CVE-2024-11217

MEDIUM
CVSS:4.9(Medium)

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

CWE-12952024

CVE-2025-2877

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook ...

CWE-12952025

CVE-2024-27179

MEDIUM
CVSS:4.7(Medium)

Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.

CWE-12952024

CVE-2021-25476

MEDIUM
CVSS:4.4(Medium)

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CWE-12952021

CVE-2022-34364

MEDIUM
CVSS:4.4(Medium)

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged...

CWE-12952022