Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2000-0531

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Jul, 2000 | 04:00
Updated At-08 Aug, 2024 | 05:21
Rejected At-
Credits

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Jul, 2000 | 04:00
Updated At:08 Aug, 2024 | 05:21
Rejected At:
▼CVE Numbering Authority (CNA)

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/1377
vdb-entry
x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2000-045.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
vdb-entry
x_refsource_XF
http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/1377
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2000-045.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/1377
vdb-entry
x_refsource_BID
x_transferred
http://www.redhat.com/support/errata/RHSA-2000-045.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
vdb-entry
x_refsource_XF
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/1377
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2000-045.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Nov, 1999 | 05:00
Updated At:03 Apr, 2025 | 01:03

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
The MITRE Corporation (Caldera)
caldera
>>openlinux>>2.3
cpe:2.3:o:caldera:openlinux:2.3:*:*:*:*:*:*:*
The MITRE Corporation (Caldera)
caldera
>>openlinux>>2.4
cpe:2.3:o:caldera:openlinux:2.4:*:*:*:*:*:*:*
The MITRE Corporation (Caldera)
caldera
>>openlinux_eserver>>2.3
cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>linux>>6.0
cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*
Red Hat, Inc.
redhat
>>linux>>6.1
cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2000-045.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/1377cve@mitre.org
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.plcve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/5010cve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2000-045.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/1377af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.plaf854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/5010af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2000-045.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/1377
Source: cve@mitre.org
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2000-045.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/1377
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000%40apollo.aci.com.pl
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

85Records found
CVE-2004-1074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.34% / 55.74%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

Action-Not Available
Vendor-trustixturbolinuxn/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernelsecure_linuxturbolinux_serverenterprise_linux_desktopsuse_linuxfedora_coreenterprise_linuxlinux_advanced_workstationn/a
CVE-2021-4115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

Action-Not Available
Vendor-polkit_projectn/aOracle CorporationFedora ProjectDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxdebian_linuxfedorazfs_storage_appliance_kitenterprise_linuxpolkitpolkitd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2004-0587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 13.23%
||
7 Day CHG~0.00%
Published-23 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSEMandriva (Mandrakesoft)
Product-fedora_coresuse_linuxmandrake_linux_corporate_servermandrake_linuxn/a
CVE-2004-0812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 22.43%
||
7 Day CHG~0.00%
Published-20 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_desktopenterprise_linuxn/a
CVE-2004-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-15 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

Action-Not Available
Vendor-conectivan/aLinux Kernel Organization, IncAvaya LLCGentoo Foundation, Inc.SUSERed Hat, Inc.
Product-suse_linux_office_serverlinux_kernelsuse_email_serversuse_linux_database_servers8300s8700suse_linux_connectivity_serverlinuxintuity_audixconverged_communications_servers8500suse_linux_admin-cd_for_firewallsuse_linuxsuse_office_serverenterprise_linuxsuse_linux_firewall_cdmodular_messaging_message_storage_servern/a
CVE-2003-1295
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 20.46%
||
7 Day CHG~0.00%
Published-28 Feb, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.
Product-enterprise_linuxsuse_linuxn/a
CVE-2002-1231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 19.58%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.

Action-Not Available
Vendor-n/aThe MITRE Corporation (Caldera)
Product-unixwareopenunixn/a
CVE-2020-11669
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.77%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 14:40
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelleapn/a
CVE-2020-10734
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 15:29
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-single_sign-onjboss_fuseopenshift_application_runtimeskeycloakkeycloak
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-10769
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.15%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 15:32
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-enterprise_linuxleapKernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1852
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelkernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-3815
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 15:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

Action-Not Available
Vendor-The systemd ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusopenshift_container_platformenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopsystemd
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-43389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.41%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 18:39
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxlinux_kernelenterprise_linuxcommunications_cloud_native_core_network_exposure_functioncommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policyn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3941
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-openexrdebian_linuxfedoraenterprise_linuxopenexr
CWE ID-CWE-369
Divide By Zero
CVE-2021-3598
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-06 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxRed Hat, Inc.
Product-openexrdebian_linuxenterprise_linuxOpenEXR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9921
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxvirtualizationqemudebian_linuxopenstackn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-8576
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.12% / 31.06%
||
7 Day CHG+0.03%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2004-1335
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernellinuxfedora_coren/a
CVE-2016-6835
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-10 Dec, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxdebian_linuxvirtualizationqemun/a
CVE-2000-0829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxtmpwatchn/a
CVE-2016-6888
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG+0.01%
Published-10 Dec, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxvirtualizationqemudebian_linuxopenstackn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-7422
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-10 Dec, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.openSUSE
Product-enterprise_linuxvirtualizationqemuleapopenstackn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-8669
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-369
Divide By Zero
CVE-1999-1348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-1406
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2016-3695
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-29 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linuxn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-18391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.25%
||
7 Day CHG-0.02%
Published-02 Jun, 2021 | 14:18
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-debian_linuxqemufedoraenterprise_linuxopenstack_platformn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10157
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 3.22%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:48
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloakkeycloak
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-287
Improper Authentication
CVE-2008-1943
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.14% / 34.24%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.

Action-Not Available
Vendor-xensourcen/aRed Hat, Inc.
Product-desktopxenvirtualization_serverenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-20257
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.81%
||
7 Day CHG+0.01%
Published-16 Mar, 2022 | 14:12
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-debian_linuxqemufedoraenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endianopenstack_platformcodeready_linux_builderQEMU
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-1350
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linuxlinux_kernelenterprise_mrgn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2016-8909
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.15%
||
7 Day CHG-0.01%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-9401
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.02%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-06 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Action-Not Available
Vendor-n/aGNURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_server_tusenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausenterprise_linux_serverenterprise_linux_desktopdebian_linuxbashn/a
CWE ID-CWE-416
Use After Free
CVE-2016-8910
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • Next
Details not found