Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-5617

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-25 Nov, 2019 | 13:42
Updated At-06 Aug, 2024 | 21:14
Rejected At-
Credits

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:25 Nov, 2019 | 13:42
Updated At:06 Aug, 2024 | 21:14
Rejected At:
▼CVE Numbering Authority (CNA)

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

Affected Products
Vendor
gksu-polkit
Product
gksu-polkit
Versions
Affected
  • through 2012-12-03
Problem Types
TypeCWE IDDescription
textN/Aescalation due to improper authentication settings in policykit configuration file
Type: text
CWE ID: N/A
Description: escalation due to improper authentication settings in policykit configuration file
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security-tracker.debian.org/tracker/CVE-2012-5617
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.html
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/12/8
x_refsource_MISC
http://www.securityfocus.com/bid/56918
x_refsource_MISC
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2012-5617
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617
Resource:
x_refsource_MISC
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.html
Resource:
x_refsource_MISC
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/12/8
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/56918
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security-tracker.debian.org/tracker/CVE-2012-5617
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617
x_refsource_MISC
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
x_refsource_MISC
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
x_refsource_MISC
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.html
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2012/12/12/8
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/56918
x_refsource_MISC
x_transferred
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2012-5617
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/12/8
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/56918
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:25 Nov, 2019 | 14:15
Updated At:02 Jun, 2021 | 13:35

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

gksu-polkit_project
gksu-polkit_project
>>gksu-polkit>>-
cpe:2.3:a:gksu-polkit_project:gksu-polkit:-:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>18
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.htmlsecalert@redhat.com
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.htmlsecalert@redhat.com
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.htmlsecalert@redhat.com
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/12/8secalert@redhat.com
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/56918secalert@redhat.com
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617secalert@redhat.com
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2012-5617secalert@redhat.com
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099739.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/12/8
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/56918
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5617
Source: secalert@redhat.com
Resource:
Issue Tracking
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2012-5617
Source: secalert@redhat.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1059Records found

CVE-2013-4251
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 19:21
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Action-Not Available
Vendor-scipySciPyDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-scipydebian_linuxfedoraenterprise_linuxSciPy
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4161
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.92%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 18:13
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.

Action-Not Available
Vendor-gksu-polkit_projectgksu-polkit-0.0.3-6.fc18Fedora Project
Product-fedoragksu-polkitgksu-polkit-0.0.3-6.fc18
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-25595
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.31%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 21:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-41974
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 44.68%
||
7 Day CHG~0.00%
Published-29 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

Action-Not Available
Vendor-opensvcn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxmultipath-toolsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-41032
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.33%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NuGet Client Elevation of Privilege Vulnerability

NuGet Client Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-visual_studio_2022visual_studio_2019.net_core.netfedora.NET Core 3.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10).NET 6.0Microsoft Visual Studio 2022 version 17.2Visual Studio 2022 for Mac version 17.3Microsoft Visual Studio 2022 version 17.3Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2022 version 17.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-1615
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.52%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:46
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

Action-Not Available
Vendor-sectoolFedora Project
Product-fedorasectoolsectool
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-31676
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.54% / 41.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Action-Not Available
Vendor-n/aFedora ProjectVMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelontap_select_deploy_administration_utilityfedoratoolswindowsVMware Tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3843
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.91% / 55.68%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 20:27
Updated-09 Jun, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Action-Not Available
Vendor-systemd_projectNetApp, Inc.Fedora ProjectCanonical Ltd.freedesktop.org
Product-ubuntu_linuxcn1610hci_management_nodefedorasystemdcn1610_firmwaresnapprotectsolidfiresystemd
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-13405
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.01% / 58.86%
||
7 Day CHG-0.01%
Published-06 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverubuntu_linuxbig-ip_webacceleratorvirtualizationbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausenterprise_linux_ausbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllermrg_realtimeenterprise_linux_workstationfedoraenterprise_linux_eusbig-ip_access_policy_managerenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-22809
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-55.37% / 98.91%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Action-Not Available
Vendor-sudo_projectn/aDebian GNU/LinuxFedora ProjectApple Inc.
Product-sudodebian_linuxmacosfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-31214
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.16%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.

Action-Not Available
Vendor-firejail_projectn/aDebian GNU/LinuxFedora Project
Product-firejaildebian_linuxfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0664
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Microsoft CorporationFedora Project
Product-qemufedoraenterprise_linuxwindowsQEMU
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4480
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:44
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mom creates world-writable pid files in /var/run

Action-Not Available
Vendor-ovirtmomFedora Project
Product-momfedoramom
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26880
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.16%
||
7 Day CHG+0.01%
Published-07 Oct, 2020 | 17:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Action-Not Available
Vendor-sympan/aDebian GNU/LinuxFedora Project
Product-debian_linuxsympafedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24331
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 16:19
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).

Action-Not Available
Vendor-trousers_projectn/aFedora Project
Product-trousersfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24330
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 16:19
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

Action-Not Available
Vendor-trousers_projectn/aFedora Project
Product-trousersfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-10936
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.13%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 17:38
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sympa before 6.2.56 allows privilege escalation.

Action-Not Available
Vendor-sympan/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxsympafedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-29661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncBroadcom Inc.NetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-a700s_firmwarea400_firmwaretekelec_platform_distributionactive_iq_unified_managerh410c_firmware8300_firmwaresolidfire_baseboard_management_controller8300debian_linuxlinux_kernel8700a400fedoraa700sh410cfabric_operating_systemsolidfire_baseboard_management_controller_firmware8700_firmwaren/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2024-27018
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.24% / 14.65%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 05:30
Updated-23 May, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
netfilter: br_netfilter: skip conntrack input hook for promisc packets

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack object. Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet has reached the input hook because it is passed up to the bridge device to reach the taps. [ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core [ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19 [ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1 [ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202 [ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000 [ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000 [ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003 [ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000 [ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800 [ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000 [ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0 [ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.585440] Call Trace: [ 57.585721] <IRQ> [ 57.585976] ? __warn+0x7d/0x130 [ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.586811] ? report_bug+0xf1/0x1c0 [ 57.587177] ? handle_bug+0x3f/0x70 [ 57.587539] ? exc_invalid_op+0x13/0x60 [ 57.587929] ? asm_exc_invalid_op+0x16/0x20 [ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.588825] nf_hook_slow+0x3d/0xd0 [ 57.589188] ? br_handle_vlan+0x4b/0x110 [ 57.589579] br_pass_frame_up+0xfc/0x150 [ 57.589970] ? br_port_flags_change+0x40/0x40 [ 57.590396] br_handle_frame_finish+0x346/0x5e0 [ 57.590837] ? ipt_do_table+0x32e/0x430 [ 57.591221] ? br_handle_local_finish+0x20/0x20 [ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter] [ 57.592286] ? br_handle_local_finish+0x20/0x20 [ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter] [ 57.593348] ? br_handle_local_finish+0x20/0x20 [ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat] [ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter] [ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter] [ 57.595280] br_handle_frame+0x1f3/0x3d0 [ 57.595676] ? br_handle_local_finish+0x20/0x20 [ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0 [ 57.596566] __netif_receive_skb_core+0x25b/0xfc0 [ 57.597017] ? __napi_build_skb+0x37/0x40 [ 57.597418] __netif_receive_skb_list_core+0xfb/0x220

Action-Not Available
Vendor-Linux Kernel Organization, IncFedora Project
Product-fedoralinux_kernelLinux
CVE-2022-41973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 47.00%
||
7 Day CHG~0.00%
Published-29 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Action-Not Available
Vendor-opensvcn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxmultipath-toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-4283
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.96% / 57.13%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.X.Org FoundationFedora Project
Product-debian_linuxfedoraenterprise_linuxx_serverxorg-x11-server
CWE ID-CWE-416
Use After Free
CVE-2022-42335
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.83%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-03 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.

Action-Not Available
Vendor-Fedora ProjectXen Project
Product-xenfedoraxen
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-41741
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7||HIGH
EPSS-0.76% / 50.62%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:20
Updated-08 May, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxF5, Inc.
Product-nginx_ingress_controllernginxdebian_linuxfedoraNGINXNGINX Open Source SubscriptionNGINX Plus
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 52.05%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-15 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2022-40673
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.54%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 05:12
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.

Action-Not Available
Vendor-kdiskmark_projectn/aFedora Project
Product-kdiskmarkfedoran/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-38076
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.8||LOW
EPSS-0.27% / 19.27%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-wireless-ac_9461wireless-ac_9560debian_linuxfedorakillerdual_band_wireless-ac_3165dual_band_wireless-ac_8260wireless-ac_9260dual_band_wireless-ac_3168wireless_7265_\(rev_d\)wireless-ac_9462killer_wireless-ac_1550dual_band_wireless-ac_8265uefi_firmwareproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-35949
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.24% / 14.84%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 09:17
Updated-11 May, 2026 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
btrfs: make sure that WRITTEN is set on all metadata blocks

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to validate all of the item pointers to make sure we don't access memory outside of the extent buffer. However, since 732fab95abe2 ("btrfs: check-integrity: remove CONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call btrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only ever call it on blocks that are being written out, and thus have WRITTEN set, or that are being read in, which should have WRITTEN set. Add checks to make sure we have WRITTEN set appropriately, and then make sure __btrfs_check_leaf() always does the item checking. This will protect us from file systems that have been corrupted and no longer have WRITTEN set on some of the blocks. This was hit on a crafted image tweaking the WRITTEN bit and reported by KASAN as out-of-bound access in the eb accessors. The example is a dir item at the end of an eb. [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2 [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f] [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1 [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0 [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206 [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0 [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748 [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9 [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8 [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000 [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0 [2.621] Call Trace: [2.621] <TASK> [2.621] ? show_regs+0x74/0x80 [2.621] ? die_addr+0x46/0xc0 [2.621] ? exc_general_protection+0x161/0x2a0 [2.621] ? asm_exc_general_protection+0x26/0x30 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? btrfs_get_16+0x34b/0x6d0 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? __pfx_btrfs_get_16+0x10/0x10 [2.621] ? __pfx_mutex_unlock+0x10/0x10 [2.621] btrfs_match_dir_item_name+0x101/0x1a0 [2.621] btrfs_lookup_dir_item+0x1f3/0x280 [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10 [2.621] btrfs_get_tree+0xd25/0x1910 [ copy more details from report ]

Action-Not Available
Vendor-Fedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelfedoraLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-54230
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.14% / 3.68%
||
7 Day CHG+0.02%
Published-13 Jun, 2026 | 02:34
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.

Action-Not Available
Vendor-Fedora ProjectABRTRed Hat, Inc.
Product-abrtfedoraenterprise_linuxRed Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2520
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.92%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.
Product-system-config-firewallfedoran/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-32250
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.13% / 86.31%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 20:51
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelh500sh410s_firmwarefedorah300s_firmwareh500s_firmwareh700s_firmwareh410c_firmwareh410sh410ch300sh700sn/a
CWE ID-CWE-416
Use After Free
CVE-2022-29968
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.07% / 60.84%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 04:00
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelh500sh410s_firmwaresolidfire_\&_hci_management_nodefedorah300s_firmwareh500s_firmwareh700s_firmwareh410c_firmwareh410sh410ch300sh700sn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2022-30786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30789
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.40% / 31.86%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-30788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30785
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 31.13%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

Action-Not Available
Vendor-tuxeran/aDebian GNU/LinuxFedora Project
Product-ntfs-3gdebian_linuxfedoran/a
CVE-2022-29162
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 30.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 00:00
Updated-23 Apr, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Default Permissions in runc

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.

Action-Not Available
Vendor-opencontainersThe Linux FoundationFedora Project
Product-runcfedorarunc
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-29187
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.45% / 35.65%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass of safe.directory protections in Git

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Action-Not Available
Vendor-git-scmgitDebian GNU/LinuxFedora ProjectApple Inc.
Product-xcodedebian_linuxfedoragitgit
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-282
Improper Ownership Management
CVE-2010-4661
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.19%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 20:57
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Action-Not Available
Vendor-udisks_projectudisksDebian GNU/LinuxRed Hat, Inc.openSUSEFedora Project
Product-debian_linuxudisksopensusefedoraenterprise_linuxudisks
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-27239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 42.35%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Action-Not Available
Vendor-n/aSUSEHP Inc.Debian GNU/LinuxSambaFedora Project
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_high_performance_computingmanager_serverlinux_enterprise_real_timehelion_openstackopenstack_cloudcifs-utilsmanager_proxymanager_retail_branch_serverlinux_enterprise_microdebian_linuxfedoralinux_enterprise_point_of_servicecaas_platformlinux_enterprise_desktoplinux_enterprise_storageenterprise_storageopenstack_cloud_crowbarn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28390
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.02%
||
7 Day CHG-0.00%
Published-03 Apr, 2022 | 20:07
Updated-21 Nov, 2024 | 06:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxNetApp, Inc.Linux Kernel Organization, Inc
Product-fedoradebian_linuxlinux_kernelhci_baseboard_management_controllern/a
CWE ID-CWE-415
Double Free
CVE-2022-27666
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.52% / 91.85%
||
7 Day CHG+0.99%
Published-23 Mar, 2022 | 05:07
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-h300evirtualizationh500senterprise_linuxh300s_firmwareh410c_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26691
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.58% / 43.44%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 17:47
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-openprintingDebian GNU/LinuxFedora ProjectApple Inc.
Product-debian_linuxcupsfedoramac_os_xmacosmacOS
CWE ID-CWE-697
Incorrect Comparison
CVE-2022-26363
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 26.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 12:50
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CVE-2010-2959
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.2||HIGH
EPSS-3.78% / 88.63%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_high_availability_extensionlinux_enterprise_serverlinux_enterprise_real_timefedoralinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-26364
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-6.7||MEDIUM
EPSS-0.49% / 38.79%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 12:50
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CVE-2022-26490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-06 Mar, 2022 | 03:58
Updated-21 Nov, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxNetApp, Inc.Linux Kernel Organization, Inc
Product-fedoradebian_linuxh410s_firmwareh500s_firmwareh500e_firmwareh700e_firmwareh500eh500sh300eh700s_firmwareh410sh410c_firmwareh700eh700sh300slinux_kernelh300s_firmwareh410ch300e_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26358
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.38%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CVE-2022-26360
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.38%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CVE-2022-24765
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6||MEDIUM
EPSS-0.78% / 51.50%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 00:00
Updated-16 Dec, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled search for the Git directory in Git for Windows

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

Action-Not Available
Vendor-git-scmgit-for-windowsDebian GNU/LinuxMicrosoft CorporationApple Inc.Fedora Project
Product-debian_linuxfedoraxcodewindowsgitgit
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found