Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-5154

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-12 Aug, 2015 | 14:00
Updated At-06 Aug, 2024 | 06:32
Rejected At-
Credits

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:12 Aug, 2015 | 14:00
Updated At:06 Aug, 2024 | 06:32
Rejected At:
▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/76048
vdb-entry
x_refsource_BID
http://xenbits.xen.org/xsa/advisory-138.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201510-02
vendor-advisory
x_refsource_GENTOO
http://www.securitytracker.com/id/1033074
vdb-entry
x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3348
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1508.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1507.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
vendor-advisory
x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-1512.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201604-03
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
vendor-advisory
x_refsource_SUSE
http://support.citrix.com/article/CTX201593
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/76048
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://xenbits.xen.org/xsa/advisory-138.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201510-02
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securitytracker.com/id/1033074
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2015/dsa-3348
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1508.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1507.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1512.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201604-03
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://support.citrix.com/article/CTX201593
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/76048
vdb-entry
x_refsource_BID
x_transferred
http://xenbits.xen.org/xsa/advisory-138.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201510-02
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securitytracker.com/id/1033074
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.debian.org/security/2015/dsa-3348
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1508.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1507.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1512.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201604-03
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://support.citrix.com/article/CTX201593
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/76048
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://xenbits.xen.org/xsa/advisory-138.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201510-02
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securitytracker.com/id/1033074
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3348
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1508.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1507.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1512.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201604-03
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://support.citrix.com/article/CTX201593
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 Aug, 2015 | 14:59
Updated At:06 May, 2026 | 22:30

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Xen Project
xen
>>xen>>Versions up to 4.5.0(inclusive)
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.1
cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_debuginfo>>11
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>11
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>12
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>11
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_server>>12
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>21
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>22
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>23
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>Versions up to 2.3.0(inclusive)
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.htmlsecalert@redhat.com
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.htmlsecalert@redhat.com
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.htmlsecalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.htmlsecalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.htmlsecalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2015-1507.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2015-1508.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2015-1512.htmlsecalert@redhat.com
N/A
http://support.citrix.com/article/CTX201593secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2015/dsa-3348secalert@redhat.com
N/A
http://www.securityfocus.com/bid/76048secalert@redhat.com
N/A
http://www.securitytracker.com/id/1033074secalert@redhat.com
N/A
http://xenbits.xen.org/xsa/advisory-138.htmlsecalert@redhat.com
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201510-02secalert@redhat.com
Third Party Advisory
https://security.gentoo.org/glsa/201604-03secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1507.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1508.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1512.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.citrix.com/article/CTX201593af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2015/dsa-3348af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/76048af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1033074af854a3a-2127-422b-91ae-364da2661108
N/A
http://xenbits.xen.org/xsa/advisory-138.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201510-02af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201604-03af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1507.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1508.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1512.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.citrix.com/article/CTX201593
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2015/dsa-3348
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/76048
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1033074
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://xenbits.xen.org/xsa/advisory-138.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201510-02
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201604-03
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1507.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1508.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1512.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.citrix.com/article/CTX201593
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2015/dsa-3348
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/76048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1033074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://xenbits.xen.org/xsa/advisory-138.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201510-02
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201604-03
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1033Records found

CVE-2019-14821
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 50.86%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 17:37
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Action-Not Available
Vendor-Red Hat, Inc.openSUSENetApp, Inc.Debian GNU/LinuxFedora ProjectCanonical Ltd.Linux Kernel Organization, IncOracle Corporation
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausvirtualization_hosth300s_firmwareh410c_firmwareh410sh610s_firmwareh300sh300e_firmwareh610sh500ehci_management_nodeenterprise_linux_workstationfedorah500s_firmwareh500e_firmwareenterprise_linux_eush700eaff_a700s_firmwareenterprise_linux_desktopleapdata_availability_servicesh300esd-wan_edgeh500senterprise_linuxaff_a700ssolidfiredebian_linuxlinux_kernelh410s_firmwareh700s_firmwareh410centerprise_linux_server_tush700e_firmwareh700senterprise_linux_for_real_timeKernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-0714
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-51.61% / 98.81%
||
7 Day CHG~0.00%
Published-14 May, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.

Action-Not Available
Vendor-n/aSUSENovellRed Hat, Inc.HP Inc.Microsoft Corporation
Product-netwaresuse_linuxwindowslinuxdata_protector_expressn/a
CVE-2009-0115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.80%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Action-Not Available
Vendor-christophe.varoquin/aopenSUSEJuniper Networks, Inc.Avaya LLCNovellSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopmessaging_storage_serverintuity_audix_lxopen_enterprise_serverlinux_enterprise_serverfedoractpviewmultipath-toolsmessage_networkingopensusen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-13272
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-52.20% / 98.83%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 12:32
Updated-06 Nov, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-10||Apply updates per vendor instructions.

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.NetApp, Inc.Red Hat, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h410centerprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_ibm_z_systemsdebian_linuxe-series_performance_analyzerh410c_firmwarehci_compute_nodesteelstore_cloud_integrated_storagefedoraenterprise_linux_for_real_time_for_nfv_tusactive_iq_unified_managersolidfireenterprise_linux_for_arm_64aff_a700subuntu_linuxh610sservice_processorhci_management_nodeenterprise_linux_for_real_timeaff_a700s_firmwareh610s_firmwaree-series_santricity_os_controllerlinux_kernelenterprise_linux_for_real_time_tusn/aKernel
CVE-2008-4553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.34%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

Action-Not Available
Vendor-n/aDebian GNU/LinuxQEMU
Product-debian_linuxqemun/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-2812
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncAvaya LLCNovellSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxsip_enablement_servicesproactive_contactsuse_linux_enterprise_serverlinux_desktopmessaging_storage_serverexpanded_meet-me_conferencingmeeting_exchangecommunication_managerintuity_audix_lxsuse_linux_enterprise_desktoplinux_kernelmessage_networkingopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-18.40% / 96.88%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 18:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Action-Not Available
Vendor-n/aCanonical Ltd.Xen ProjectCitrix (Cloud Software Group, Inc.)Apple Inc.FreeBSD FoundationDebian GNU/LinuxSynology, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxfreebsddebian_linuxxenserverenterprise_linux_workstationmac_os_xenterprise_virtualization_managerskynasdiskstation_managerxenn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2007-6601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.57% / 72.42%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectThe PostgreSQL Global Development Group
Product-postgresqldebian_linuxfedoran/a
CWE ID-CWE-287
Improper Authentication
CVE-2007-6167
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.44% / 35.10%
||
7 Day CHG~0.00%
Published-29 Nov, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2007-5730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.61% / 44.68%
||
7 Day CHG~0.00%
Published-30 Oct, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.

Action-Not Available
Vendor-n/aXen ProjectQEMUDebian GNU/Linux
Product-debian_linuxxenqemun/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-15115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.29%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSEDebian GNU/Linux
Product-linux_enterprise_serverdebian_linuxubuntu_linuxlinux_kernelLinux kernel before 4.14-rc6
CWE ID-CWE-416
Use After Free
CVE-2007-1321
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.46% / 36.97%
||
7 Day CHG~0.00%
Published-30 Oct, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Action-Not Available
Vendor-n/aQEMUXen ProjectDebian GNU/LinuxFedora Project
Product-debian_linuxqemuxenfedorafedora_coren/a
CVE-2022-1998
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 24.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 14:46
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwarefedorah410c_firmwareenterprise_linuxh300s_firmwareh500s_firmwareh700s_firmwareh410sh410ch300sh700sKernel
CWE ID-CWE-416
Use After Free
CVE-2019-0211
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-65.00% / 99.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 21:31
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationRed Hat, Inc.The Apache Software FoundationopenSUSECanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_for_ibm_z_systemsjboss_core_servicesenterprise_linuxinstantis_enterprisetrackenterprise_linux_eusretail_xstore_point_of_serviceubuntu_linuxenterprise_linux_for_power_little_endianenterprise_manager_ops_centeropenshift_container_platformenterprise_linux_for_arm_64_eushttp_serversoftware_collectionscommunications_session_report_managerdebian_linuxenterprise_linux_server_ausenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_server_tusfedoraenterprise_linux_for_arm_64openshift_container_platform_for_powerleapcommunications_session_route_manageroncommand_unified_managerApache HTTP ServerHTTP Server
CWE ID-CWE-416
Use After Free
CVE-2007-1320
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.77%
||
7 Day CHG~0.00%
Published-02 May, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Action-Not Available
Vendor-n/aopenSUSEQEMUXen ProjectDebian GNU/LinuxFedora Project
Product-debian_linuxqemuxenfedorafedora_coreopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1602
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.19%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 06:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

Action-Not Available
Vendor-n/aSUSE
Product-linux_enterprise_serverlinux_enterprise_desktopsuse_linux_enterprise_serversupportconfig
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0745
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.61%
||
7 Day CHG~0.00%
Published-21 Mar, 2006 | 02:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)X.Org FoundationSun Microsystems (Oracle Corporation)Red Hat, Inc.SUSE
Product-x11r6solarismandrake_linuxsuse_linuxx11r7fedora_coren/a
CVE-2022-0995
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-6.20% / 92.64%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:03
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500sh615c_firmwareh300s_firmwareh410c_firmwareh410sh610c_firmwareh610s_firmwareh300sh300e_firmwareh610slinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh615ch700sh610ckernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2002-0762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.36% / 28.37%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2018-19966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.20%
||
7 Day CHG~0.00%
Published-08 Dec, 2018 | 04:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CWE ID-CWE-436
Interpretation Conflict
CVE-2018-18883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.08%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 00:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-17954
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.3||CRITICAL
EPSS-0.32% / 23.58%
||
7 Day CHG+0.01%
Published-03 Apr, 2020 | 07:05
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crowbar provision leaks admin password to all nodes in cleartext

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.

Action-Not Available
Vendor-SUSE
Product-openstack_cloud_crowbaropenstack_cloudSUSE OpenStack Cloud Crowbar 8SUSE OpenStack Cloud Crowbar 9SUSE OpenStack Cloud 7SUSE OpenStack Cloud 9SUSE OpenStack Cloud 8
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0847
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-88.11% / 99.75%
||
7 Day CHG-0.96%
Published-07 Mar, 2022 | 00:00
Updated-06 Nov, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-16||Apply updates per vendor instructions.

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Action-Not Available
Vendor-ovirtn/aSonicWall Inc.Siemens AGNetApp, Inc.Red Hat, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h410centerprise_linux_for_power_little_endian_eush300senterprise_linux_for_ibm_z_systemsenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsh500sovirt-engineh410c_firmwarefedorah700e_firmwareenterprise_linux_for_real_time_for_nfv_tush300escalance_lpe9403_firmwareh500e_firmwareenterprise_linux_eush410s_firmwareh500s_firmwareenterprise_linuxenterprise_linux_server_tusenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_for_real_time_for_nfvh410senterprise_linux_for_power_little_endianvirtualization_hosth300s_firmwareenterprise_linux_for_ibm_z_systems_eush700s_firmwareh300e_firmwareh700esma1000enterprise_linux_server_aush500eenterprise_linux_for_real_timesma1000_firmwarecodeready_linux_builderscalance_lpe9403h700slinux_kernelenterprise_linux_for_real_time_tuskernelKernel
CWE ID-CWE-665
Improper Initialization
CVE-2004-1071
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.51% / 39.65%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

Action-Not Available
Vendor-turbolinuxtrustixn/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_advanced_workstationsuse_linuxfedora_coreenterprise_linux_desktopsecure_linuxturbolinux_serverlinux_kernelenterprise_linuxn/a
CVE-2004-0887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 31.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSE
Product-linux_kernelsuse_linuxn/a
CVE-2004-0495
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.42% / 34.16%
||
7 Day CHG~0.00%
Published-23 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

Action-Not Available
Vendor-conectivan/aLinux Kernel Organization, IncGentoo Foundation, Inc.Avaya LLCRed Hat, Inc.SUSE
Product-linuxsuse_linux_admin-cd_for_firewallsuse_linux_database_serversuse_office_serverintuity_audixsuse_linux_office_serverlinux_kernelsuse_email_servermodular_messaging_message_storage_serverconverged_communications_serverenterprise_linuxsuse_linux_connectivity_serversuse_linux_firewall_cdsuse_linuxs8700s8500s8300n/a
CVE-2018-14678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 32.84%
||
7 Day CHG~0.00%
Published-28 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Action-Not Available
Vendor-n/aXen ProjectLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxxendebian_linuxlinux_kerneln/a
CWE ID-CWE-665
Improper Initialization
CVE-2004-0496
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)Linux Kernel Organization, IncGentoo Foundation, Inc.Sun Microsystems (Oracle Corporation)SUSE
Product-sunoslinuxsolarissuse_linux_connectivity_servermandrake_linuxsuse_linux_database_serversuse_linuxmandrake_multi_network_firewallsuse_linux_firewallsuse_linux_office_serverlinux_kernelsuse_email_servermandrake_linux_corporate_servern/a
CVE-2004-1070
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.51% / 39.65%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

Action-Not Available
Vendor-turbolinuxtrustixn/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_advanced_workstationsuse_linuxfedora_coreenterprise_linux_desktopsecure_linuxturbolinux_serverlinux_kernelenterprise_linuxn/a
CVE-2004-1072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.40%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxtrustixn/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_advanced_workstationsuse_linuxfedora_coreenterprise_linux_desktopsecure_linuxturbolinux_serverlinux_kernelenterprise_linuxn/a
CVE-2010-3301
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-3.82% / 88.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-4093
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.42% / 33.70%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:50
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxenterprise_linuxlinux_kernelfedorakernel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-41103
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.48% / 38.08%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 00:00
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficiently restricted permissions on plugin directories

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.

Action-Not Available
Vendor-containerdDebian GNU/LinuxFedora ProjectThe Linux Foundation
Product-containerddebian_linuxfedoracontainerd
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-41073
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.69% / 74.30%
||
7 Day CHG~0.00%
Published-19 Sep, 2021 | 16:02
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-h300eh500scloud_backuph410c_firmwareh300s_firmwareh410sh300ssolidfire_baseboard_management_controllerh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700sn/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2021-3760
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.45%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 18:35
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-h300eh500sh300s_firmwareh410c_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700skernel
CWE ID-CWE-416
Use After Free
CVE-2018-11806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.82% / 52.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtualizationdebian_linuxenterprise_linux_server_ausenterprise_linux_workstationqemuopenstackenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10982
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.51%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 23:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CVE-2017-8903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.58%
||
7 Day CHG~0.00%
Published-11 May, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CVE-2017-7228
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-1.57% / 72.34%
||
7 Day CHG~0.00%
Published-04 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2001-0193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.06% / 60.50%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSUSE
Product-debian_linuxsuse_linuxn/a
CVE-2000-1134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.42% / 69.50%
||
7 Day CHG~0.00%
Published-19 Dec, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Action-Not Available
Vendor-immunixconectivan/aHP Inc.Mandriva (Mandrakesoft)Red Hat, Inc.The MITRE Corporation (Caldera)SUSE
Product-linuxopenlinuxmandrake_linuxsuse_linuxopenlinux_eserverhp-uxopenlinux_edesktopimmunixn/a
CVE-2017-5931
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.53% / 41.14%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-3847
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.45% / 36.25%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kernelkernel
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2000-1095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.11% / 61.83%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Action-Not Available
Vendor-immunixconectivan/aRed Hat, Inc.Mandriva (Mandrakesoft)SUSE
Product-mandrake_linuximmunixlinuxsuse_linuxn/a
CVE-2021-37576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 21:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2000-0438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.08% / 60.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

Action-Not Available
Vendor-turbolinuxn/aThe MITRE Corporation (Caldera)SlackwareSUSE
Product-suse_linuxopenlinuxturbolinuxslackware_linuxn/a
CVE-2000-0340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.20% / 64.43%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2017-17558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.48% / 37.96%
||
7 Day CHG~0.00%
Published-12 Dec, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSE
Product-linux_enterprise_serverlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2000-0231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.77% / 51.22%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Action-Not Available
Vendor-halloweenn/aSUSE
Product-suse_linuxhalloween_linuxn/a
CVE-2017-17806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 42.55%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_server_for_raspberry_pileaplinux_enterprise_serverlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found