Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0968

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Oct, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:38
Rejected At-
Credits

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Oct, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:38
Rejected At:
▼CVE Numbering Authority (CNA)

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2005/dsa-636
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-261.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/11286
vdb-entry
x_refsource_BID
https://www.ubuntu.com/usn/usn-4-1/
vendor-advisory
x_refsource_UBUNTU
http://security.gentoo.org/glsa/glsa-200410-19.xml
vendor-advisory
x_refsource_GENTOO
http://www.trustix.org/errata/2004/0050
vendor-advisory
x_refsource_TRUSTIX
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2004-586.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2005/dsa-636
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-261.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/11286
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.ubuntu.com/usn/usn-4-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://security.gentoo.org/glsa/glsa-200410-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.trustix.org/errata/2004/0050
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-586.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2005/dsa-636
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-261.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/11286
vdb-entry
x_refsource_BID
x_transferred
https://www.ubuntu.com/usn/usn-4-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://security.gentoo.org/glsa/glsa-200410-19.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.trustix.org/errata/2004/0050
vendor-advisory
x_refsource_TRUSTIX
x_transferred
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-586.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2005/dsa-636
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-261.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11286
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.ubuntu.com/usn/usn-4-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200410-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.trustix.org/errata/2004/0050
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-586.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2005 | 05:00
Updated At:03 Apr, 2025 | 01:03

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
GNU
gnu
>>glibc>>2.0
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.1
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.2
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.3
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.4
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.5
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.0.6
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.1
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.1.6
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.2
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.3
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.3.10
cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.1.9
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2.1
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2.2
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2.3
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2.4
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.2.5
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3.1
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3.2
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3.3
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3.4
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>2.3.10
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>3.0
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>3.0
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>3.0
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200410-19.xmlcve@mitre.org
N/A
http://www.debian.org/security/2005/dsa-636cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-586.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-261.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/11286cve@mitre.org
Patch
Vendor Advisory
http://www.trustix.org/errata/2004/0050cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523cve@mitre.org
N/A
https://www.ubuntu.com/usn/usn-4-1/cve@mitre.org
N/A
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200410-19.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2005/dsa-636af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-586.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-261.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11286af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.trustix.org/errata/2004/0050af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.ubuntu.com/usn/usn-4-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200410-19.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-636
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-586.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-261.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11286
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.trustix.org/errata/2004/0050
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.ubuntu.com/usn/usn-4-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200410-19.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-636
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-586.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-261.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11286
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.trustix.org/errata/2004/0050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.ubuntu.com/usn/usn-4-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2014-9585
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverlinux_kernelenterprise_linux_ausenterprise_linux_eusevergreenenterprise_linux_server_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinux_enterprise_software_development_kitenterprise_linux_server_ausfedoraopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_workstation_extensionlinux_enterprise_servern/a
CVE-2014-1859
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.86%
||
7 Day CHG-0.08%
Published-08 Jan, 2018 | 19:00
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-numpyn/aRed Hat, Inc.Fedora Project
Product-fedoranumpyenterprise_linuxn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-0181
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.03% / 5.79%
||
7 Day CHG~0.00%
Published-27 Apr, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.
Product-enterprise_linux_serverlinux_kernelevergreenenterprise_linux_desktoplinux_enterprise_real_time_extensionsuse_linux_enterprise_serverlinux_enterprise_servern/a
CVE-2014-0068
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 20:34
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftopenshift-origin-node-utilopenshift node-util
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-6119
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 16.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Action-Not Available
Vendor-candlepinprojectn/aRed Hat, Inc.
Product-candlepinsubscription_asset_managern/a
CVE-2018-1099
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 16:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-etcdfedoraetcd
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0889
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 20.96%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 00:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxdirectory_servern/a
CWE ID-CWE-264
Not Available
CVE-2012-5635
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-09 Apr, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

Action-Not Available
Vendor-glustern/aRed Hat, Inc.
Product-storage_native_clientstorage_serverglusterfsstorage_management_consolen/a
CVE-2007-2797
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 24.41%
||
7 Day CHG~0.00%
Published-27 Aug, 2007 | 17:00
Updated-07 Aug, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

Action-Not Available
Vendor-xtermn/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxxtermenterprise_linuxn/a
CVE-2017-2614
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_virtualizationovirt-engine-extension-aaa-jdbc
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-1999-1332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.15% / 36.80%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2021-46705
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 09:50
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
grub2-once uses fixed file name in /var/tmp

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

Action-Not Available
Vendor-GNUopenSUSESUSE
Product-linux_enterprise_serverfactorygrub2openSUSE FactorySUSE Linux Enterprise Server 15 SP4
CWE ID-CWE-377
Insecure Temporary File
CVE-2004-0977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-20 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Action-Not Available
Vendor-trustixn/aRed Hat, Inc.The PostgreSQL Global Development GroupMandriva (Mandrakesoft)
Product-mandrake_linux_corporate_serverenterprise_linuxenterprise_linux_desktoppostgresqlsecure_linuxmandrake_linuxn/a
  • Previous
  • 1
  • 2
  • Next
Details not found