Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2002-0839

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Oct, 2002 | 04:00
Updated At-08 Aug, 2024 | 03:03
Rejected At-
Credits

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Oct, 2002 | 04:00
Updated At:08 Aug, 2024 | 03:03
Rejected At:
â–¼CVE Numbering Authority (CNA)

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=130497311408250&w=2
vendor-advisory
x_refsource_HP
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
mailing-list
x_refsource_VULNWATCH
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
http://www.securityfocus.com/bid/5884
vdb-entry
x_refsource_BID
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.iss.net/security_center/static/10280.php
vdb-entry
x_refsource_XF
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
http://marc.info/?l=bugtraq&m=130497311408250&w=2
vendor-advisory
x_refsource_HP
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
mailing-list
x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Resource:
mailing-list
x_refsource_VULNWATCH
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/5884
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.iss.net/security_center/static/10280.php
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
x_transferred
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
x_transferred
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
x_transferred
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=bugtraq&m=130497311408250&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
mailing-list
x_refsource_VULNWATCH
x_transferred
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/5884
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.iss.net/security_center/static/10280.php
vdb-entry
x_refsource_XF
x_transferred
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://marc.info/?l=bugtraq&m=130497311408250&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Resource:
mailing-list
x_refsource_VULNWATCH
x_transferred
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5884
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.iss.net/security_center/static/10280.php
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Oct, 2002 | 04:00
Updated At:16 Apr, 2026 | 00:27

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
The Apache Software Foundation
apache
>>http_server>>Versions from 1.3.0(inclusive) to 1.3.27(exclusive)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>2.2
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>3.0
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Apache
Last Modified : 2008-07-02T00:00:00

Fixed in Apache HTTP Server 1.3.27: http://httpd.apache.org/security/vulnerabilities_13.html

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Icve@mitre.org
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.htmlcve@mitre.org
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlcve@mitre.org
Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.htmlcve@mitre.org
Broken Link
Patch
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530cve@mitre.org
Third Party Advisory
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2cve@mitre.org
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=103376585508776&w=2cve@mitre.org
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2cve@mitre.org
Issue Tracking
Mailing List
Third Party Advisory
http://online.securityfocus.com/advisories/4617cve@mitre.org
Third Party Advisory
VDB Entry
http://www.apacheweek.com/issues/02-10-04cve@mitre.org
Release Notes
Vendor Advisory
http://www.debian.org/security/2002/dsa-187cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2002/dsa-188cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2002/dsa-195cve@mitre.org
Third Party Advisory
http://www.iss.net/security_center/static/10280.phpcve@mitre.org
Broken Link
Vendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpcve@mitre.org
Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlcve@mitre.org
Broken Link
http://www.securityfocus.com/bid/5884cve@mitre.org
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Iaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=103376585508776&w=2af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Mailing List
Third Party Advisory
http://online.securityfocus.com/advisories/4617af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.apacheweek.com/issues/02-10-04af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://www.debian.org/security/2002/dsa-187af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2002/dsa-188af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2002/dsa-195af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.iss.net/security_center/static/10280.phpaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/5884af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Source: cve@mitre.org
Resource:
Broken Link
Patch
Vendor Advisory
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: cve@mitre.org
Resource:
Issue Tracking
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Source: cve@mitre.org
Resource:
Issue Tracking
Mailing List
Third Party Advisory
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/security_center/static/10280.php
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/5884
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Vendor Advisory
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130497311408250&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Mailing List
Third Party Advisory
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/security_center/static/10280.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/5884
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

267Records found
CVE-2018-19966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-08 Dec, 2018 | 04:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CWE ID-CWE-436
Interpretation Conflict
CVE-2022-23220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.71%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.

Action-Not Available
Vendor-usbview_projectn/aCanonical Ltd.Debian GNU/LinuxGentoo Foundation, Inc.
Product-usbviewubuntu_linuxdebian_linuxlinuxn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2014-1737
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2016-9775
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.85%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.The Apache Software Foundation
Product-ubuntu_linuxdebian_linuxtomcatn/a
CVE-2019-7524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.66%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 13:45
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxdovecotleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17805
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.04%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Linux Kernel Organization, IncSUSEopenSUSE
Product-linux_enterprise_desktoplinux_kernellinux_enterprise_serverleapdebian_linuxlinux_enterprise_server_for_raspberry_piubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-16526
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-04 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Linux Kernel Organization, Inc
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14497
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28893
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.09%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 04:15
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-h300eh500ssolidfire_\&_hci_management_nodeh300s_firmwareh410c_firmwareh410sh300shci_compute_nodeh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700esolidfire\,_enterprise_sds_\&_hci_storage_nodehci_compute_node_firmwareh700e_firmwareh410ch700sn/a
CWE ID-CWE-416
Use After Free
CVE-2009-0029
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.26%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Action-Not Available
Vendor-christophe.varoquin/aopenSUSEJuniper Networks, Inc.Avaya LLCNovellSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopmessaging_storage_serverintuity_audix_lxopen_enterprise_serverlinux_enterprise_serverfedoractpviewmultipath-toolsmessage_networkingopensusen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-27239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.97%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Action-Not Available
Vendor-n/aSUSEHP Inc.Debian GNU/LinuxSambaFedora Project
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_high_performance_computingmanager_serverlinux_enterprise_real_timehelion_openstackopenstack_cloudcifs-utilsmanager_proxymanager_retail_branch_serverlinux_enterprise_microdebian_linuxfedoralinux_enterprise_point_of_servicecaas_platformlinux_enterprise_desktoplinux_enterprise_storageenterprise_storageopenstack_cloud_crowbarn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1240
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-22.09% / 95.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-tomcatdebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 9.94%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

Action-Not Available
Vendor-n/aDebian GNU/LinuxQEMU
Product-debian_linuxqemun/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5394
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-09 Dec, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-shadown/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4539
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-29 Dec, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

Action-Not Available
Vendor-kvm_qumranetn/aCanonical Ltd.QEMUDebian GNU/Linux
Product-debian_linuxubuntu_linuxkvmqemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-45417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Action-Not Available
Vendor-advanced_intrusion_detection_environment_projectn/aCanonical Ltd.Red Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoravirtualization_hostenterprise_linuxovirt-nodeadvanced_intrusion_detection_environmentn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found