Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1858

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jan, 2018 | 19:00
Updated At-06 Aug, 2024 | 09:58
Rejected At-
Credits

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jan, 2018 | 19:00
Updated At:06 Aug, 2024 | 09:58
Rejected At:
▼CVE Numbering Authority (CNA)

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
vendor-advisory
x_refsource_FEDORA
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
x_refsource_CONFIRM
https://github.com/numpy/numpy/pull/4262
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1062009
x_refsource_CONFIRM
http://www.securityfocus.com/bid/65441
vdb-entry
x_refsource_BID
https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
vdb-entry
x_refsource_XF
http://www.openwall.com/lists/oss-security/2014/02/08/3
mailing-list
x_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/numpy/numpy/pull/4262
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/65441
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/08/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
x_refsource_CONFIRM
x_transferred
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
x_refsource_CONFIRM
x_transferred
https://github.com/numpy/numpy/pull/4262
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1062009
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/65441
vdb-entry
x_refsource_BID
x_transferred
https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
vdb-entry
x_refsource_XF
x_transferred
http://www.openwall.com/lists/oss-security/2014/02/08/3
mailing-list
x_refsource_MLIST
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/numpy/numpy/pull/4262
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/65441
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/08/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jan, 2018 | 19:29
Updated At:30 Jan, 2018 | 14:44

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
numpy
numpy
>>numpy>>Versions before 1.8.1(exclusive)
cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.htmlcve@mitre.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.htmlcve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/02/08/3cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/65441cve@mitre.org
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778cve@mitre.org
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1062009cve@mitre.org
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/91318cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rstcve@mitre.org
Third Party Advisory
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15cve@mitre.org
Third Party Advisory
https://github.com/numpy/numpy/pull/4262cve@mitre.org
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/08/3
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/65441
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/numpy/numpy/pull/4262
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

65Records found
CVE-2017-18798
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.31%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:35
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d500_firmwared1500r6800d7000d500d1500_firmwared7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.06% / 17.05%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:41
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6220_firmwarepr2000r6400_firmwarejwnr2010d7800r7100lgr8000pwndr4300_firmwared6220r6800r7100lg_firmwarer7300dst_firmwarer7500_firmwarer6050pr2000_firmwarer8300r8500_firmwarewnr1000_firmwarer6220r8000p_firmwared6400_firmwarewndr4500r7300dstd6220_firmwared8500_firmwarer7900pd7800_firmwared7000r8500r9000_firmwared8500d7000_firmwarer6700r8300_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarer6900d6400r7500r9000r6900_firmwarer6050_firmwarer7800wnr2050jr6150_firmwarejr6150wnr2050_firmwarewndr4300jnr1010r7800_firmwarer6400r6700_firmwarer7900p_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15709
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-05 Sep, 2020 | 03:30
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
add-apt-repository print ASNI terminal codes

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.

Action-Not Available
Vendor-Canonical Ltd.
Product-add-apt-repositoryadd-apt-repository
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2669
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 25.53%
||
7 Day CHG~0.00%
Published-27 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 17:54
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r7800_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 11:51
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-0317
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.52%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:33
Updated-21 Apr, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in AKPublic.Verify in go-attestation

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above.

Action-Not Available
Vendor-Google LLC
Product-go-attestationgo-attestation
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1319
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-2.1||LOW
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-17 Sep, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.64%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 15:57
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.

Action-Not Available
Vendor-sylabsn/aThe Linux Foundation
Product-umocisingularityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1360
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 23.02%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25411
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-exynos_9610exynos_9810androidexynos_9830exynos_9820Samsung Mobile Devices
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25416
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-exynos_9610exynos_9810androidexynos_9830exynos_9820Samsung Mobile Devices
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4354
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 18.72%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Action-Not Available
Vendor-n/aOpenStack
Product-image_registry_and_delivery_service_\(glance\)n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0377
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:59
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8324
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5||MEDIUM
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoAppScenarioPluginSystem for Lenovo System Interface Foundation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found