Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-2152

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-21 Jan, 2014 | 18:00
Updated At-06 Aug, 2024 | 15:27
Rejected At-
Credits

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:21 Jan, 2014 | 18:00
Updated At:06 Aug, 2024 | 15:27
Rejected At:
▼CVE Numbering Authority (CNA)

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2013-0924.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
vdb-entry
x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2013-0925.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/60475
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=971172
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0924.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0925.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/60475
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=971172
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2013-0924.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
vdb-entry
x_refsource_XF
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0925.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/60475
vdb-entry
x_refsource_BID
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=971172
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0924.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0925.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/60475
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=971172
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:21 Jan, 2014 | 18:55
Updated At:29 Apr, 2026 | 01:13

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Red Hat, Inc.
redhat
>>enterprise_virtualization>>3.2
cpe:2.3:a:redhat:enterprise_virtualization:3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2013-0924.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0925.htmlsecalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/60475secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=971172secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/84866secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0924.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0925.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/60475af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=971172af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/84866af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0924.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0925.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/60475
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=971172
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0924.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0925.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/60475
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=971172
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/84866
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

185Records found

CVE-2015-3315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.81% / 90.89%
||
7 Day CHG~0.00%
Published-26 Jun, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_eusautomatic_bug_reporting_toolenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-3150
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.40% / 31.76%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 17:34
Updated-06 Aug, 2024 | 05:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.

Action-Not Available
Vendor-Red Hat, Inc.ABRT
Product-automatic_bug_reporting_toolABRT
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1869
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.31%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 17:31
Updated-06 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

Action-Not Available
Vendor-Red Hat, Inc.ABRT
Product-automatic_bug_reporting_toolABRT
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-1795
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 36.51%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-gluster_storageenterprise_linuxn/a
CVE-2015-0412
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-1.46% / 70.36%
||
7 Day CHG-0.06%
Published-21 Jan, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationNovellRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjresuse_linux_enterprise_serversuse_linux_enterprise_desktopenterprise_linuxopensusen/a
CVE-2014-7300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.49%
||
7 Day CHG~0.00%
Published-25 Dec, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Action-Not Available
Vendor-n/aThe GNOME ProjectRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_hpc_nodegnome-shelln/a
CVE-2014-7844
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.55% / 72.08%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 16:13
Updated-06 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

Action-Not Available
Vendor-bsd_mailx_projectBSDDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationbsd_mailxenterprise_linux_server_tusenterprise_linux_desktopmailx
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2014-3153
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-37.23% / 98.33%
||
7 Day CHG~0.00%
Published-07 Jun, 2014 | 14:00
Updated-21 Apr, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Red Hat, Inc.Oracle CorporationSUSELinux Kernel Organization, Inc
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_server_auslinux_kernelopensusen/aKernel
CVE-2013-2151
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.30%
||
7 Day CHG~0.00%
Published-21 Jan, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualizationn/a
CVE-2008-2359
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.30% / 22.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration.

Action-Not Available
Vendor-fedora_8n/aRed Hat, Inc.
Product-consolehelperfedora_8n/a
CVE-2011-2525
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.50% / 38.90%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-2517
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.70%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_kernelenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4288
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.34% / 26.20%
||
7 Day CHG~0.00%
Published-03 Oct, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

Action-Not Available
Vendor-polkit_projectn/aCanonical Ltd.openSUSERed Hat, Inc.
Product-ubuntu_linuxopensusepolkitenterprise_linuxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-4535
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.12%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 15:35
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopQEMU
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4364
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 19:00
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-2698
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 93.53%
||
7 Day CHG~0.00%
Published-27 Aug, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSERed Hat, Inc.VMware (Broadcom Inc.)Fedora Project
Product-enterprise_linux_eusubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopvcenter_serverlinux_enterprise_serveresxienterprise_linux_server_ausfedoralinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-3080
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.54%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serveresxenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_workstationfedoraenterprise_linux_eusvirtualizationlinux_kernelopensusen/a
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2013-1813
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.62% / 45.50%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

Action-Not Available
Vendor-busyboxt-mobilen/aRed Hat, Inc.
Product-tm-ac1900busyboxenterprise_linuxn/a
CVE-2001-0872
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.87% / 54.39%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Action-Not Available
Vendor-n/aOpenBSDRed Hat, Inc.SUSE
Product-linuxsuse_linuxopensshn/a
CVE-2018-10901
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.52% / 40.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serverlinux_kernelenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopkernel:
CWE ID-CWE-665
Improper Initialization
CVE-2012-1097
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.07%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_enterprise_desktoplinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_mrglinux_kernelenterprise_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-45417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.77%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Action-Not Available
Vendor-advanced_intrusion_detection_environment_projectn/aCanonical Ltd.Red Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoravirtualization_hostenterprise_linuxovirt-nodeadvanced_intrusion_detection_environmentn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20292
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.87% / 54.46%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:42
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelfedoraenterprise_linuxkernel
CWE ID-CWE-416
Use After Free
CVE-2021-20225
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-1.02% / 59.10%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:44
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20233
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.61% / 44.86%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:44
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3864
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 31.88%
||
7 Day CHG-0.00%
Published-27 Oct, 2020 | 20:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-enterprise_linux_serveritunesiphone_osipadostvossafarienterprise_linux_workstationenterprise_linux_desktopicloudiTunes for WindowsiCloud for WindowsSafaritvOSiOS and iPadOS
CWE ID-CWE-346
Origin Validation Error
CVE-2020-27786
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.66% / 73.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 04:05
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelcloud_backupopenshift_container_platformenterprise_linuxenterprise_mrgsolidfire_baseboard_management_controllerkernel
CWE ID-CWE-416
Use After Free
CVE-2020-27777
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.50% / 39.22%
||
7 Day CHG-0.01%
Published-15 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-openshift_container_platformenterprise_linuxlinux_kernelkernel
CWE ID-CWE-862
Missing Authorization
CVE-2020-27749
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.57% / 43.13%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:40
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25632
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-1.15% / 63.07%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:40
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-416
Use After Free
CVE-2020-25647
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.6||HIGH
EPSS-0.79% / 51.90%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:40
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25637
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.53% / 40.81%
||
7 Day CHG+0.01%
Published-06 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-libvirtleaplibvirt
CWE ID-CWE-415
Double Free
CVE-2020-14331
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.56% / 42.69%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 18:51
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelLinux Kernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14356
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.97% / 57.35%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:37
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelcloud_backuphci_management_nodeenterprise_linuxactive_iq_unified_managersolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllersolidfireleapKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-3896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.42% / 33.51%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 23:40
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.The Linux Foundation
Product-enterprise_linux_serverlinux_kernelenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopkernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-415
Double Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found