Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0587

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jun, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:24
Rejected At-
Credits

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jun, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:24
Rejected At:
▼CVE Numbering Authority (CNA)

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1010057
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2004-413.html
vendor-advisory
x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2004-418.html
vendor-advisory
x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
vdb-entry
signature
x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
vendor-advisory
x_refsource_SUSE
http://lwn.net/Articles/91155/
vendor-advisory
x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/10279
vdb-entry
x_refsource_BID
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
vendor-advisory
x_refsource_MANDRAKE
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
vendor-advisory
x_refsource_SGI
Hyperlink: http://securitytracker.com/id?1010057
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-413.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-418.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lwn.net/Articles/91155/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/10279
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
Resource:
vendor-advisory
x_refsource_SGI
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1010057
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-413.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-418.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lwn.net/Articles/91155/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/10279
vdb-entry
x_refsource_BID
x_transferred
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
vendor-advisory
x_refsource_MANDRAKE
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://securitytracker.com/id?1010057
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-413.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-418.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lwn.net/Articles/91155/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/10279
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Aug, 2004 | 04:00
Updated At:03 Apr, 2025 | 01:03

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux_corporate_server>>2.1
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux_corporate_server>>2.1
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora_core>>core_1.0
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asccve@mitre.org
N/A
http://lwn.net/Articles/91155/cve@mitre.org
N/A
http://securitytracker.com/id?1010057cve@mitre.org
N/A
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2004_10_kernel.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-413.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-418.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/10279cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398cve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lwn.net/Articles/91155/af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1010057af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2004_10_kernel.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-413.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-418.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/10279af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lwn.net/Articles/91155/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1010057
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-413.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-418.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10279
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lwn.net/Articles/91155/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1010057
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-413.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-418.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10279
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

95Records found
CVE-2014-8180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.61%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

Action-Not Available
Vendor-n/aRed Hat, Inc.MongoDB, Inc.
Product-mongodbsatelliten/a
CWE ID-CWE-287
Improper Authentication
CVE-2005-0757
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 19.86%
||
7 Day CHG~0.00%
Published-18 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linuxn/a
CVE-2005-0207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-09 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

Action-Not Available
Vendor-conectivan/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernelenterprise_linux_desktopsuse_linuxlinuxenterprise_linuxn/a
CVE-2013-0163
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 14:57
Updated-06 Aug, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

Action-Not Available
Vendor-OpenShift haproxy cartridgeRed Hat, Inc.
Product-openshiftOpenShift haproxy cartridge
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2005-0092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-21 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linuxn/a
CVE-2004-2395
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-17 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)
Product-mandrake_linuxmandrake_linux_corporate_servermandrake_multi_network_firewalln/a
CVE-2013-0222
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-enterprise_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0241
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 18.36%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-qxl_graphics_driver_projectn/aRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_desktopxf86-video-qxlenterprise_linux_workstationn/a
CVE-2004-1237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 18.15%
||
7 Day CHG~0.00%
Published-20 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernelenterprise_linux_desktopenterprise_linuxsuse_linuxn/a
CVE-2004-1333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.23% / 45.67%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernellinuxfedora_coren/a
CVE-2004-1334
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernellinuxfedora_coren/a
CVE-2004-1074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.34% / 55.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

Action-Not Available
Vendor-trustixturbolinuxn/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernelsecure_linuxturbolinux_serverenterprise_linux_desktopsuse_linuxfedora_coreenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.66% / 70.31%
||
7 Day CHG~0.00%
Published-15 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

Action-Not Available
Vendor-conectivan/aLinux Kernel Organization, IncAvaya LLCGentoo Foundation, Inc.SUSERed Hat, Inc.
Product-suse_linux_office_serverlinux_kernelsuse_email_serversuse_linux_database_servers8300s8700suse_linux_connectivity_serverlinuxintuity_audixconverged_communications_servers8500suse_linux_admin-cd_for_firewallsuse_linuxsuse_office_serverenterprise_linuxsuse_linux_firewall_cdmodular_messaging_message_storage_servern/a
CVE-2003-1295
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-28 Feb, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.
Product-enterprise_linuxsuse_linuxn/a
CVE-2000-0829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxtmpwatchn/a
CVE-2001-0914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, Inc
Product-linux_kernelsuse_linuxn/a
CVE-1999-1406
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 24.54%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-1331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.17% / 39.05%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-1348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 23.12%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2020-25743
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.2||LOW
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:15
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-openstack_platformqemuenterprise_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-3815
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 15:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

Action-Not Available
Vendor-The systemd ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusopenshift_container_platformenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopsystemd
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-18391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.26%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 14:18
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-debian_linuxqemufedoraenterprise_linuxopenstack_platformn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-4132
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.12% / 32.42%
||
7 Day CHG~0.00%
Published-27 Jan, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, Inc
Product-linux_kernellinux_enterprise_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-18438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-19 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-qemuopenstackenterprise_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10157
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:48
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloakkeycloak
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-287
Improper Authentication
CVE-2018-7858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.09% / 26.65%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 18:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16878
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Action-Not Available
Vendor-clusterlabsClusterLabsDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxpacemakerdebian_linuxfedoraenterprise_linuxenterprise_linux_ausenterprise_linux_eusenterprise_linux_tusleappacemaker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-2078
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 65.15%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-virtualizationdebian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-1852
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelkernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8576
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.58%
||
7 Day CHG-0.00%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-1071
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Action-Not Available
Vendor-zshzshCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationzshenterprise_linux_desktopzsh
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.05%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxRed Hat, Inc.
Product-virtualizationqemuenterprise_linuxdebian_linuxopenstackn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-3598
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.78%
||
7 Day CHG~0.00%
Published-06 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxRed Hat, Inc.
Product-openexrdebian_linuxenterprise_linuxOpenEXR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-3611
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 15:23
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-qemuenterprise_linuxQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3569
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 11:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.
Product-enterprise_linuxlibtpmslibtpms
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3527
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:13
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxqemuenterprise_linuxQEMU
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2015-1350
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linuxlinux_kernelenterprise_mrgn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-25316
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-3.3||LOW
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 09:55
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.

Action-Not Available
Vendor-SUSE
Product-s390-toolslinux_enterprise_serverSUSE Linux Enterprise Server 12-SP5SUSE Linux Enterprise Server 15-SP2
CWE ID-CWE-377
Insecure Temporary File
CVE-2016-8909
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-8991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.3||LOW
EPSS-0.16% / 36.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 04:27
Updated-04 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-lvm2n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-9401
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-06 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Action-Not Available
Vendor-n/aGNURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_server_tusenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausenterprise_linux_serverenterprise_linux_desktopdebian_linuxbashn/a
CWE ID-CWE-416
Use After Free
CVE-2016-8910
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-04 Nov, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

Action-Not Available
Vendor-n/aopenSUSEQEMURed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxqemuopenstackleapdebian_linuxvirtualizationn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-5898
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 27.17%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.

Action-Not Available
Vendor-n/aSUSEQEMU
Product-qemulinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_server_for_saplinux_enterprise_software_development_kitn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • Next
Details not found