Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-2444

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-14 May, 2007 | 21:00
Updated At-07 Aug, 2024 | 13:42
Rejected At-
Credits

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:14 May, 2007 | 21:00
Updated At:07 Aug, 2024 | 13:42
Rejected At:
▼CVE Numbering Authority (CNA)

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://security.gentoo.org/glsa/glsa-200705-15.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/25289
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1805
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/25772
third-party-advisory
x_refsource_SECUNIA
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
vendor-advisory
x_refsource_OPENPKG
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/25270
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/468670/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/2281
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2210
vdb-entry
x_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
vendor-advisory
x_refsource_HP
http://www.trustix.org/errata/2007/0017/
vendor-advisory
x_refsource_TRUSTIX
http://www.securitytracker.com/id?1018049
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/usn-460-1
vendor-advisory
x_refsource_UBUNTU
http://securityreason.com/securityalert/2701
third-party-advisory
x_refsource_SREASON
http://secunia.com/advisories/25241
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/25256
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1366
x_refsource_CONFIRM
http://secunia.com/advisories/25259
third-party-advisory
x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
vendor-advisory
x_refsource_SLACKWARE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
vendor-advisory
x_refsource_SUNALERT
http://www.debian.org/security/2007/dsa-1291
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/468548/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/25232
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/25251
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
vendor-advisory
x_refsource_SUNALERT
http://www.ubuntu.com/usn/usn-460-2
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/25246
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/34698
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/25255
third-party-advisory
x_refsource_SECUNIA
http://www.samba.org/samba/security/CVE-2007-2444.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/23974
vdb-entry
x_refsource_BID
http://secunia.com/advisories/25675
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-200705-15.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/25289
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/1805
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/25772
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
Resource:
vendor-advisory
x_refsource_OPENPKG
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/25270
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/468670/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2007/2281
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2007/2210
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.trustix.org/errata/2007/0017/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://www.securitytracker.com/id?1018049
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/usn-460-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://securityreason.com/securityalert/2701
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://secunia.com/advisories/25241
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/25256
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://issues.rpath.com/browse/RPL-1366
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/25259
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.debian.org/security/2007/dsa-1291
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/archive/1/468548/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/25232
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/25251
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.ubuntu.com/usn/usn-460-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/25246
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/34698
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/25255
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.samba.org/samba/security/CVE-2007-2444.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/23974
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/25675
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://security.gentoo.org/glsa/glsa-200705-15.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/25289
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/1805
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/25772
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
vendor-advisory
x_refsource_OPENPKG
x_transferred
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/25270
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/468670/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2007/2281
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2007/2210
vdb-entry
x_refsource_VUPEN
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
vendor-advisory
x_refsource_HP
x_transferred
http://www.trustix.org/errata/2007/0017/
vendor-advisory
x_refsource_TRUSTIX
x_transferred
http://www.securitytracker.com/id?1018049
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/usn-460-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://securityreason.com/securityalert/2701
third-party-advisory
x_refsource_SREASON
x_transferred
http://secunia.com/advisories/25241
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/25256
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://issues.rpath.com/browse/RPL-1366
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/25259
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.debian.org/security/2007/dsa-1291
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/archive/1/468548/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/25232
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/25251
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.ubuntu.com/usn/usn-460-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/25246
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/34698
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/25255
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.samba.org/samba/security/CVE-2007-2444.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/23974
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/25675
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200705-15.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/25289
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1805
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/25772
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
Resource:
vendor-advisory
x_refsource_OPENPKG
x_transferred
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/25270
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/468670/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2281
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2210
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.trustix.org/errata/2007/0017/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018049
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-460-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://securityreason.com/securityalert/2701
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://secunia.com/advisories/25241
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/25256
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-1366
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/25259
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1291
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/468548/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/25232
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/25251
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-460-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/25246
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/34698
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/25255
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.samba.org/samba/security/CVE-2007-2444.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/23974
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/25675
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:14 May, 2007 | 21:19
Updated At:23 Apr, 2026 | 00:35

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Samba
samba
>>samba>>3.0.23d
cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.24
cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.25
cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2007-05-15T00:00:00

Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References
HyperlinkSourceResource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980secalert@redhat.com
Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://osvdb.org/34698secalert@redhat.com
Broken Link
http://secunia.com/advisories/25232secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25241secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25246secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25251secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25255secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25256secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25259secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25270secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25289secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25675secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/25772secalert@redhat.com
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-15.xmlsecalert@redhat.com
Third Party Advisory
http://securityreason.com/securityalert/2701secalert@redhat.com
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906secalert@redhat.com
Mailing List
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1secalert@redhat.com
Broken Link
http://www.debian.org/security/2007/dsa-1291secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104secalert@redhat.com
Broken Link
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.htmlsecalert@redhat.com
Third Party Advisory
http://www.samba.org/samba/security/CVE-2007-2444.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/468548/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/468670/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23974secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018049secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0017/secalert@redhat.com
Broken Link
http://www.ubuntu.com/usn/usn-460-1secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/usn-460-2secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1805secalert@redhat.com
Permissions Required
http://www.vupen.com/english/advisories/2007/2210secalert@redhat.com
Permissions Required
http://www.vupen.com/english/advisories/2007/2281secalert@redhat.com
Permissions Required
https://issues.rpath.com/browse/RPL-1366secalert@redhat.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://osvdb.org/34698af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/25232af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25241af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25246af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25251af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25255af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25256af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25259af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25270af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25289af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25675af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25772af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-15.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/2701af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2007/dsa-1291af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.samba.org/samba/security/CVE-2007-2444.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/468548/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/468670/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23974af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018049af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0017/af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.ubuntu.com/usn/usn-460-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/usn-460-2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1805af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2007/2210af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2007/2281af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://issues.rpath.com/browse/RPL-1366af854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/34698
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/25232
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25241
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25246
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25251
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25255
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25256
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25259
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25270
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25289
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25675
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25772
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200705-15.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://securityreason.com/securityalert/2701
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2007/dsa-1291
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.samba.org/samba/security/CVE-2007-2444.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/468548/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/468670/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/23974
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018049
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.trustix.org/errata/2007/0017/
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.ubuntu.com/usn/usn-460-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-460-2
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/1805
Source: secalert@redhat.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2007/2210
Source: secalert@redhat.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2007/2281
Source: secalert@redhat.com
Resource:
Permissions Required
Hyperlink: https://issues.rpath.com/browse/RPL-1366
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/34698
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/25232
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25241
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25246
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25251
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25255
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25256
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25259
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25270
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25289
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25675
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/25772
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200705-15.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://securityreason.com/securityalert/2701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2007/dsa-1291
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.samba.org/samba/security/CVE-2007-2444.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/468548/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/468670/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/23974
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018049
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.trustix.org/errata/2007/0017/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.ubuntu.com/usn/usn-460-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-460-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/1805
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2007/2210
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2007/2281
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://issues.rpath.com/browse/RPL-1366
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

650Records found

CVE-2016-3157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.90%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

Action-Not Available
Vendor-n/aXen ProjectCanonical Ltd.
Product-ubuntu_linuxxenn/a
CVE-2016-2856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-1.08% / 61.06%
||
7 Day CHG~0.00%
Published-14 Mar, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUDebian GNU/Linux
Product-glibcdebian_linuxubuntu_linuxn/a
CVE-2016-1576
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.46%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_touchubuntu_linuxubuntu_corelinux_kerneln/a
CVE-2016-1583
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-1.39% / 69.05%
||
7 Day CHG~0.00%
Published-27 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovellDebian GNU/Linux
Product-suse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxsuse_linux_enterprise_debuginfosuse_linux_enterprise_serversuse_linux_enterprise_live_patchingsuse_linux_enterprise_module_for_public_cloudsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1240
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-9.78% / 94.96%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-tomcatdebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1238
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.78% / 51.41%
||
7 Day CHG~0.00%
Published-02 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Action-Not Available
Vendor-perln/aopenSUSEThe Apache Software FoundationDebian GNU/LinuxFedora Project
Product-spamassassindebian_linuxleapperlfedoran/a
CVE-2016-1247
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-4.86% / 90.97%
||
7 Day CHG~0.00%
Published-29 Nov, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

Action-Not Available
Vendor-n/aCanonical Ltd.F5, Inc.Debian GNU/LinuxFedora Project
Product-nginxdebian_linuxubuntu_linuxfedoran/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2016-10729
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.19% / 64.11%
||
7 Day CHG~0.00%
Published-24 Oct, 2018 | 21:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

Action-Not Available
Vendor-zmandan/aDebian GNU/LinuxRed Hat, Inc.
Product-amandadebian_linuxenterprise_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-1233
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.37% / 28.85%
||
7 Day CHG~0.00%
Published-26 Jan, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-fusedebian_linuxn/a
CVE-2016-1255
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.93%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxpostgresql-commonn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-3493
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-43.99% / 98.59%
||
7 Day CHG~0.00%
Published-17 Apr, 2021 | 04:20
Updated-28 Oct, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-11-10||Apply updates per vendor instructions.

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Action-Not Available
Vendor-Canonical Ltd.UbuntuLinux Kernel Organization, Inc
Product-ubuntu_linuxlinux kernelKernel
CWE ID-CWE-270
Privilege Context Switching Error
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-3491
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.63% / 45.74%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 01:40
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3492
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-1.55% / 72.00%
||
7 Day CHG~0.00%
Published-17 Apr, 2021 | 04:20
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ubuntu linux kernel shiftfs file system double free vulnerability

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Action-Not Available
Vendor-Canonical Ltd.Ubuntu
Product-ubuntu_linuxLinux kernel
CWE ID-CWE-415
Double Free
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-3490
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-27.48% / 97.83%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 01:40
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel eBPF bitwise ops ALU32 bounds tracking

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-0727
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.25% / 65.88%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CVE-2016-0728
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-3.65% / 88.22%
||
7 Day CHG~0.00%
Published-08 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCLinux Kernel Organization, IncHP Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxserver_migration_packandroidlinux_kerneln/a
CVE-2016-0546
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-0.57% / 42.88%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxmariadbenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linuxenterprise_linux_hpc_node_eusenterprise_linux_serverenterprise_linux_workstationmysqlleapsolarislinuxenterprise_linux_hpc_nodeopensusen/a
CVE-2015-8312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 28.13%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.

Action-Not Available
Vendor-openafsn/aDebian GNU/Linux
Product-debian_linuxopenafsn/a
CVE-2021-3489
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.55% / 41.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 01:40
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel eBPF RINGBUF map oversized allocation

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8325
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 45.64%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 00:00
Updated-22 May, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

Action-Not Available
Vendor-n/aOpenBSDCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxopensshubuntu_touchubuntu_coren/a
CWE ID-CWE-1262
Improper Access Control for Register Interface
CVE-2015-5723
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.10%
||
7 Day CHG-0.00%
Published-07 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Action-Not Available
Vendor-doctrine-projectn/aPerforce Software, Inc.Debian GNU/Linux
Product-debian_linuxdoctrinemongodbbundlezf-apigility-doctrinezend_frameworkzend-cacheobject_relational_mappermongodb-odmannotationscommoncachen/a
CVE-2015-4819
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-0.45% / 36.05%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopsolarisenterprise_linux_server_euslinuxfedoraenterprise_linux_hpc_nodeenterprise_linux_server_ausenterprise_linux_hpc_node_eusn/a
CVE-2015-5277
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.59% / 43.80%
||
7 Day CHG~0.00%
Published-17 Dec, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.GNU
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationglibcenterprise_linux_desktopenterprise_linux_hpc_noden/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5199
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 39.46%
||
7 Day CHG~0.00%
Published-08 Sep, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

Action-Not Available
Vendor-libvdpau_projectn/aCanonical Ltd.
Product-libvdpauubuntu_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-5260
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.24%
||
7 Day CHG~0.00%
Published-07 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Action-Not Available
Vendor-spice_projectn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxspiceenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5198
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.44%
||
7 Day CHG~0.00%
Published-08 Sep, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.

Action-Not Available
Vendor-libvdpau_projectn/aCanonical Ltd.
Product-libvdpauubuntu_linuxn/a
CVE-2015-3409
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.30%
||
7 Day CHG~0.00%
Published-19 May, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

Action-Not Available
Vendor-module-signature_projectn/aCanonical Ltd.
Product-module-signatureubuntu_linuxn/a
CVE-2015-2151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.57% / 43.00%
||
7 Day CHG~0.00%
Published-12 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aXen ProjectDebian GNU/LinuxFedora Project
Product-debian_linuxxenfedoran/a
CVE-2008-0302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.69% / 48.23%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-apt-listchangesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1324
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.58%
||
7 Day CHG~0.00%
Published-25 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CVE-2015-1328
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-37.68% / 98.35%
||
7 Day CHG~0.00%
Published-28 Nov, 2016 | 03:01
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CVE-2015-1344
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.52%
||
7 Day CHG~0.00%
Published-07 Dec, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxlxcfsn/a
CVE-2015-1341
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.4||HIGH
EPSS-0.43% / 34.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apport privilege escalation through Python module imports

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Action-Not Available
Vendor-Canonical Ltd.Ubuntu
Product-ubuntu_linuxapportApport
CWE ID-CWE-264
Not Available
CVE-2015-1336
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.03%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

Action-Not Available
Vendor-man-db_projectn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxman-dbn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-1335
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.2||HIGH
EPSS-0.46% / 36.61%
||
7 Day CHG~0.00%
Published-01 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Action-Not Available
Vendor-linuxcontainersn/aCanonical Ltd.
Product-lxcubuntu_linuxn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-1338
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.2||HIGH
EPSS-0.91% / 55.62%
||
7 Day CHG~0.00%
Published-01 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Action-Not Available
Vendor-apport_projectn/aCanonical Ltd.
Product-ubuntu_linuxapportn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-33909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.81% / 94.97%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 18:01
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Action-Not Available
Vendor-n/aFedora ProjectSonicWall Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxlinux_kernelhci_management_nodefedorasma1000_firmwarecommunications_session_border_controllersma1000solidfiren/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-8835
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-6.06% / 92.51%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 18:00
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel bpf verifier vulnerability

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Action-Not Available
Vendor-Linux kernelNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxa700s_firmwarea320_firmwarecloud_backupa400_firmwarefas2720fas2720_firmwareh300s_firmwareh410sc190h610s_firmwareh300ssteelstore_cloud_integrated_storageh300e_firmwareh610s8700fas2750_firmwarefas2750h500ehci_management_nodefedorah500s_firmwareh500e_firmwarea700sa220h700e8700_firmwareh610c_firmwareh610ch300ea800h500sh615c_firmwarea3208300_firmwaresolidfire8300a800_firmwarelinux_kernela400h410s_firmwareh700s_firmwarec190_firmwarea220_firmwareh700e_firmwareh615ch700sLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-0412
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-1.46% / 70.36%
||
7 Day CHG-0.06%
Published-21 Jan, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationNovellRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjresuse_linux_enterprise_serversuse_linux_enterprise_desktopenterprise_linuxopensusen/a
CVE-2014-9904
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.36%
||
7 Day CHG~0.00%
Published-27 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncNovell
Product-debian_linuxlinux_kernelsuse_linux_enterprise_real_time_extensionn/a
CVE-2021-3347
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 68.73%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 16:56
Updated-25 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-linux_kernelfedoradebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2014-7844
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.55% / 72.08%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 16:13
Updated-06 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

Action-Not Available
Vendor-bsd_mailx_projectBSDDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationbsd_mailxenterprise_linux_server_tusenterprise_linux_desktopmailx
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2014-8156
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.14%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

Action-Not Available
Vendor-phonefsod_projectfso-gsmd_projectfso-frameworkd_projectfso-usaged_projectn/aDebian GNU/Linux
Product-phonefsoddebian_linuxfso-frameworkdfso-gsmdfso-usagedn/a
CVE-2014-5195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.30% / 21.65%
||
7 Day CHG~0.00%
Published-07 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

Action-Not Available
Vendor-ayatana_projectn/aCanonical Ltd.
Product-ubuntu_linuxunityn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-3153
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-37.23% / 98.33%
||
7 Day CHG~0.00%
Published-07 Jun, 2014 | 14:00
Updated-21 Apr, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Red Hat, Inc.Oracle CorporationSUSELinux Kernel Organization, Inc
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_server_auslinux_kernelopensusen/aKernel
CVE-2021-3156
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-99.30% / 99.93%
||
7 Day CHG-0.01%
Published-26 Jan, 2021 | 00:00
Updated-10 Nov, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-27||Apply updates per vendor instructions.

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Action-Not Available
Vendor-sudo_projectn/aSudoDebian GNU/LinuxNetApp, Inc.McAfee, LLCOracle CorporationSynology, Inc.Fedora ProjectBeyondTrust Corporation
Product-micros_es400diskstation_manager_unified_controllercloud_backupweb_gatewayskynas_firmwarevs960hd_firmwaredebian_linuxmicros_workstation_6_firmwaresudomicros_es400_firmwarefedoraprivilege_management_for_unix\/linuxontap_select_deploy_administration_utilityactive_iq_unified_managermicros_workstation_5a_firmwaremicros_compact_workstation_3_firmwaremicros_kitchen_display_systemprivilege_management_for_macsolidfiremicros_compact_workstation_3oncommand_unified_manager_core_packagediskstation_managervs960hdhci_management_nodeontap_toolsmicros_workstation_6communications_performance_intelligence_centermicros_kitchen_display_system_firmwaretekelec_platform_distributionmicros_workstation_5askynasn/aSudo
CWE ID-CWE-193
Off-by-one Error
CVE-2021-29154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 56.29%
||
7 Day CHG-0.01%
Published-08 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-h300eh500scloud_backuph300s_firmwareh410sh300ssolidfireh300e_firmwaredebian_linuxlinux_kernelh500ehci_management_nodeh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-2214
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.26%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:44
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLC
Product-androidubuntu_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-1070
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 00:37
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

Action-Not Available
Vendor-v86d_projectv86dDebian GNU/Linux
Product-v86ddebian_linuxv86d
CWE ID-CWE-863
Incorrect Authorization
CVE-2011-0712
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.91%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 12
  • 13
  • Next
Details not found