Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0730

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-11 May, 2010 | 23:00
Updated At-07 Aug, 2024 | 00:59
Rejected At-
Credits

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:11 May, 2010 | 23:00
Updated At:07 Aug, 2024 | 00:59
Rejected At:
▼CVE Numbering Authority (CNA)

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2010/05/07/1
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/39979
vdb-entry
x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/39649
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/43315
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0398.html
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100088287
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://bugzilla.redhat.com/show_bug.cgi?id=572971
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2010/05/07/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/39979
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/39649
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/43315
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0398.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.avaya.com/css/P8/documents/100088287
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/516397/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=572971
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2010/05/07/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/39979
vdb-entry
x_refsource_BID
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/39649
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/43315
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0398.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
x_refsource_CONFIRM
x_transferred
http://support.avaya.com/css/P8/documents/100088287
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/516397/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=572971
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2010/05/07/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/39979
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/39649
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/43315
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0398.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.avaya.com/css/P8/documents/100088287
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/516397/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=572971
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 May, 2010 | 11:46
Updated At:29 Apr, 2026 | 01:13

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:P
CPE Matches

Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:ga:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:ga:client:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5
cpe:2.3:o:redhat:enterprise_linux:5:ga:server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.18
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Per: http://secunia.com/advisories/39649 'Successful exploitation requires a 32bit system and access to an MMIO region.'
Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://secunia.com/advisories/39649secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/43315secalert@redhat.com
N/A
http://support.avaya.com/css/P8/documents/100088287secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2010/05/07/1secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2010-0398.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/39979secalert@redhat.com
N/A
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlsecalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=572971secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430secalert@redhat.com
N/A
http://secunia.com/advisories/39649af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43315af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/css/P8/documents/100088287af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2010/05/07/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0398.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/39979af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=572971af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/39649
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43315
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100088287
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/05/07/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0398.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/516397/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39979
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=572971
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/39649
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43315
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100088287
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/05/07/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0398.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/516397/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39979
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=572971
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

820Records found

CVE-2010-3862
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-2.61% / 83.54%
||
7 Day CHG~0.00%
Published-30 Dec, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjboss_remotingjboss_enterprise_web_platformn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-10345
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-2.44% / 82.34%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-jrockite-series_santricity_management_plug-insdebian_linuxjreenterprise_linux_server_tusoncommand_performance_managerenterprise_linux_desktopstorage_replication_adapter_for_clustered_data_ontaponcommand_balancevasa_provider_for_clustered_data_ontapenterprise_linux_server_ausoncommand_unified_manageroncommand_insightplug-in_for_symantec_netbackupsteelstore_cloud_integrated_storagecloud_backupactive_iq_unified_managersnapmanageroncommand_workflow_automationjdkenterprise_linux_serverenterprise_linux_workstationsatellitevirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerenterprise_linux_euse-series_santricity_web_servicese-series_santricity_os_controllerelement_softwareJava
CVE-2016-9585
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.16% / 63.31%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 15:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformEAP-5
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2005-3275
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-3.34% / 87.19%
||
7 Day CHG~0.00%
Published-20 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2002-0069
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-2.78% / 84.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

Action-Not Available
Vendor-squidn/aRed Hat, Inc.
Product-squidlinuxn/a
CVE-2019-7317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-9.39% / 94.81%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 07:00
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Action-Not Available
Vendor-libpngn/aOracle CorporationMozilla CorporationCanonical Ltd.Debian GNU/LinuxNetApp, Inc.HP Inc.SUSEHewlett Packard Enterprise (HPE)openSUSERed Hat, Inc.
Product-enterprise_linux_desktoponcommand_workflow_automationhyperion_infrastructure_technologyjdkenterprise_linuxxp7_command_viewmysqlxp7_command_view_advanced_edition_suiteenterprise_linux_for_ibm_z_systemsjava_seenterprise_linux_for_power_little_endiansatellitee-series_santricity_storage_managerlinux_enterprisepackage_hubenterprise_linux_for_power_big_endianlibpngleapcloud_backupe-series_santricity_managementdebian_linuxfirefoxubuntu_linuxe-series_santricity_unified_managerthunderbirdsnapmanagere-series_santricity_web_servicesplug-in_for_symantec_netbackuponcommand_insightenterprise_linux_for_scientific_computingenterprise_linux_workstationsteelstoreactive_iq_unified_managern/a
CWE ID-CWE-416
Use After Free
CVE-2005-3110
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-3.38% / 87.32%
||
7 Day CHG~0.00%
Published-30 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2019-2945
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-3.36% / 87.26%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-14907
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 00:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxSambaFedora ProjectSynology, Inc.Red Hat, Inc.
Product-storagedebian_linuxenterprise_linuxdiskstation_managerdirectory_serverubuntu_linuxrouter_managerskynassambafedorasamba
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14850
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-1.60% / 72.86%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 18:56
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

Action-Not Available
Vendor-nbdkit_projectn/aRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linuxvirtualizationnbdkitnbdkit
CWE ID-CWE-406
Insufficient Control of Network Message Volume (Network Amplification)
CVE-2010-4265
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-2.13% / 79.74%
||
7 Day CHG~0.00%
Published-30 Dec, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjboss_remotingjboss_enterprise_web_platformn/a
CVE-2014-2431
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-4.92% / 91.07%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

Action-Not Available
Vendor-n/aMariaDB FoundationRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tussolarisenterprise_linux_server_ausenterprise_linux_eusn/a
CVE-2013-5908
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-4.67% / 90.65%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_server_ausenterprise_linux_eusn/a
CVE-2019-2449
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-2.98% / 85.63%
||
7 Day CHG+0.26%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.Oracle Corporation
Product-enterprise_linux_serversnapmanagerjreenterprise_linux_workstationenterprise_linuxenterprise_linux_eussatellitejdkoncommand_workflow_automationoncommand_unified_managerenterprise_linux_desktopJava
CVE-2021-3597
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.06% / 60.47%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 18:19
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-single_sign-onopenshift_application_runtimesenterprise_linuxactive_iq_unified_managerundertowoncommand_workflow_automationjboss_enterprise_application_platformfuseoncommand_insightundertow
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-18351
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.55% / 83.13%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2007-2172
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.43% / 34.65%
||
7 Day CHG~0.00%
Published-22 Apr, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-18354
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.42% / 69.68%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3532
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.45% / 35.76%
||
7 Day CHG~0.00%
Published-19 Jul, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Action-Not Available
Vendor-mageian/aopenSUSEOracle CorporationLinux Kernel Organization, Incfreedesktop.orgDebian GNU/Linux
Product-debian_linuxdbusmageiasolarislinux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1289
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.86% / 54.25%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxenterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16889
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 41.26%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 14:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Action-Not Available
Vendor-The Ceph ProjectRed Hat, Inc.
Product-cephceph
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-1183
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-65.69% / 99.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:04
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

Action-Not Available
Vendor-libreofficen/aRed Hat, Inc.Fedora Project
Product-fedoralibreofficeenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7FedoralibreofficeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-12173
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.50% / 71.16%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

Action-Not Available
Vendor-SSSDRed Hat, Inc.Fedora Project
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationsssdenterprise_linux_desktopsssd
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-9980
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-0.12% / 2.51%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14680
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.75% / 88.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2018 | 23:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Action-Not Available
Vendor-cabextractcabextract_projectn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxlibmspackdebian_linuxenterprise_linux_workstationenterprise_linux_desktopcabextractansible_towern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12171
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-8.08% / 94.11%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-enterprise_linux_serverhttp_serverenterprise_linux_workstationenterprise_linuxenterprise_linux_desktophttpd
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12197
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.51% / 71.39%
||
7 Day CHG-0.03%
Published-18 Jan, 2018 | 21:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

Action-Not Available
Vendor-libpam4j_projectDebian GNU/LinuxRed Hat, Inc.
Product-libpam4jdebian_linuxenterprise_linuxlibpam4j
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14635
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.53% / 82.97%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-openstackneutronopenstack-neutron
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0615
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.71%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2007-1349
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12547
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 84.39%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 15:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

Action-Not Available
Vendor-Eclipse Foundation AISBLRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationsatelliteenterprise_linux_desktopopenj9Eclipse OpenJ9
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-4904
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

Action-Not Available
Vendor-c-ares_projectn/aFedora ProjectRed Hat, Inc.
Product-software_collectionsc-aresenterprise_linuxfedorac-ares
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26273
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.65%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 17:04
Updated-06 Nov, 2024 | 21:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar security bypass

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelSecurity QRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10874
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.48% / 38.31%
||
7 Day CHG~0.00%
Published-02 Jul, 2018 | 13:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-ansible_engineopenstackvirtualizationvirtualization_hostansible
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1070
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 53.96%
||
7 Day CHG+0.01%
Published-12 Jun, 2018 | 13:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-openshift_container_platformrouting
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10843
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.5||HIGH
EPSS-1.36% / 68.40%
||
7 Day CHG+0.01%
Published-02 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-openshift_container_platformsource-to-image
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1060
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.10% / 91.34%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Python Software FoundationDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoraenterprise_linux_desktoppythonansible_towerpython
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1086
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.65% / 73.72%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 16:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Action-Not Available
Vendor-clusterlabsDebian GNU/LinuxRed Hat, Inc.
Product-pacemaker_command_line_interfacedebian_linuxenterprise_linux_server_euspcs
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-11232
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.55%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 04:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43903
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 23:49
Updated-26 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27824
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.61% / 72.99%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 13:56
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-uclouvainn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-openjpegdebian_linuxfedoraenterprise_linuxopenjpeg
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-9969
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.85%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1522
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 35.15%
||
7 Day CHG~0.00%
Published-10 Apr, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25626
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.29% / 66.66%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 19:24
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Action-Not Available
Vendor-encoden/aDebian GNU/LinuxRed Hat, Inc.
Product-django_rest_frameworkdebian_linuxceph_storageDjango REST Framework
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25717
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.61% / 73.02%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSambaFedora ProjectRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtualizationsambaenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausopenstackvirtualization_hostenterprise_linuxenterprise_linux_desktopgluster_storageenterprise_linux_tuscodeready_linux_builderenterprise_linux_for_scientific_computingdebian_linuxenterprise_linux_workstationfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusenterprise_linux_resilient_storageenterprise_linux_for_power_big_endiansamba
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1528
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 35.43%
||
7 Day CHG~0.00%
Published-18 May, 2006 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-7207
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.00%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 22:17
Updated-30 Sep, 2024 | 19:03
Rejected-30 Sep, 2024 | 19:03
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Duplicate of CVE-2024-45806.

Action-Not Available
Vendor-envoyproxyRed Hat, Inc.
Product-envoyopenshift_service_mesh
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0620
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.63% / 45.88%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-androidlinux_kernelAndroid
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0458
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-1.58% / 72.49%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9901
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.92% / 85.33%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-enterprise_linux_eusenterprise_linux_ausfirefoxenterprise_linux_desktopenterprise_linux_serverenterprise_linux_workstationFirefoxFirefox ESR
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found