Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-9267

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Oct, 2018 | 08:00
Updated At-06 Aug, 2024 | 08:43
Rejected At-
Credits

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Oct, 2018 | 08:00
Updated At:06 Aug, 2024 | 08:43
Rejected At:
â–¼CVE Numbering Authority (CNA)

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
mailing-list
x_refsource_MLIST
https://sourceforge.net/p/nsis/bugs/1125/
x_refsource_MISC
http://jvn.jp/en/jp/JVN68418039/index.html
third-party-advisory
x_refsource_JVN
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://sourceforge.net/p/nsis/bugs/1125/
Resource:
x_refsource_MISC
Hyperlink: http://jvn.jp/en/jp/JVN68418039/index.html
Resource:
third-party-advisory
x_refsource_JVN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
mailing-list
x_refsource_MLIST
x_transferred
https://sourceforge.net/p/nsis/bugs/1125/
x_refsource_MISC
x_transferred
http://jvn.jp/en/jp/JVN68418039/index.html
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://sourceforge.net/p/nsis/bugs/1125/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN68418039/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Oct, 2018 | 08:29
Updated At:15 Mar, 2021 | 22:29

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P
CPE Matches

nullsoft
nullsoft
>>nullsoft_scriptable_install_system>>Versions before 2.49(exclusive)
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN68418039/index.htmlcve@mitre.org
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://sourceforge.net/p/nsis/bugs/1125/cve@mitre.org
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://jvn.jp/en/jp/JVN68418039/index.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://sourceforge.net/p/nsis/bugs/1125/
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

124Records found

CVE-2013-4184
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 39.41%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 00:00
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks

Action-Not Available
Vendor-data\libdata-uuid-perlDebian GNU/Linux
Product-\debian_linuxlibdata-uuid-perl
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-0009
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 48.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 15:31
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2010-4817
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 32.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 21:54
Updated-07 Aug, 2024 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

Action-Not Available
Vendor-pithos_projectpithosDebian GNU/Linux
Product-debian_linuxpithospithos
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-20811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 35.52%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 02:44
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CVE-2007-2837
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.34% / 25.62%
||
7 Day CHG~0.00%
Published-03 Jul, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.

Action-Not Available
Vendor-firefliern/aDebian GNU/Linux
Product-fireflierdebian_linuxn/a
CVE-2005-1916
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 27.57%
||
7 Day CHG~0.00%
Published-06 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

Action-Not Available
Vendor-ekg_projectn/aDebian GNU/Linux
Product-debian_linuxekgn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-18021
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.57% / 43.00%
||
7 Day CHG~0.00%
Published-07 Oct, 2018 | 06:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-4194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 19.18%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 13:19
Updated-24 Mar, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, IncFedora ProjectRed Hat, Inc.
Product-debian_linuxlinux_kernelfedoraenterprise_linuxRed Hat Virtualization 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-6188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 33.86%
||
7 Day CHG~0.00%
Published-22 Feb, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

Action-Not Available
Vendor-munin-monitoringn/aDebian GNU/Linux
Product-debian_linuxmuninn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7206
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-3.6||LOW
EPSS-0.39% / 30.55%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-aptadvanced_package_tooln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-3202
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.6||LOW
EPSS-1.01% / 58.80%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 21:16
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

Action-Not Available
Vendor-fuse_projectn/aDebian GNU/Linux
Product-fusedebian_linuxn/a
CVE-2012-3453
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.6||LOW
EPSS-0.34% / 25.55%
||
7 Day CHG~0.00%
Published-07 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-logoln/a
CVE-2011-2923
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 32.16%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 20:38
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Action-Not Available
Vendor-foomatic-filtersDebian GNU/LinuxThe Linux Foundation
Product-debian_linuxfoomatic-filtersfoomatic-filters
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2924
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.89%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:20
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Action-Not Available
Vendor-foomatic-filtersDebian GNU/LinuxFedora ProjectThe Linux Foundation
Product-debian_linuxfoomatic-filtersfedorafoomatic-filters
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-3373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.94%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 12:10
Updated-07 Aug, 2024 | 03:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

paxtest handles temporary files insecurely

Action-Not Available
Vendor-grsecurityn/aDebian GNU/Linux
Product-paxtestdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4996
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.88%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-initramfs-toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2017-8806
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 33.71%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxThe PostgreSQL Global Development Group
Product-postgresqldebian_linuxubuntu_linuxPostgreSQL-related scripts that are specific to Debian and Ubuntu
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-3350
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 17.73%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 02:16
Updated-15 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Action-Not Available
Vendor-Cisco Systems, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxadvanced_malware_protection_for_endpointsclam_antivirusfedoraCisco AMP for Endpoints
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-26088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.92%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 14:06
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelleapn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-25211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.57% / 42.84%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 15:51
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-26835
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.34%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:10
Updated-23 May, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
netfilter: nf_tables: set dormant flag on hook register failure

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxLinux
CVE-2020-14393
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.60% / 44.44%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:27
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

Action-Not Available
Vendor-perln/aDebian GNU/LinuxopenSUSEFedora Project
Product-database_interfacedebian_linuxfedoraleapperl-dbi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10684
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.9||HIGH
EPSS-0.34% / 26.45%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxopenstackfedoraansibleansible_towerAnsible
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-1529
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-3.75% / 88.55%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirddebian_linuxfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusfedoraenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1511
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-83.63% / 99.65%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-7421
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.72% / 49.23%
||
7 Day CHG+0.01%
Published-02 Mar, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinuxlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4251
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 19:21
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Action-Not Available
Vendor-scipySciPyDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-scipydebian_linuxfedoraenterprise_linuxSciPy
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-25595
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.31%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 21:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-41974
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 44.68%
||
7 Day CHG~0.00%
Published-29 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

Action-Not Available
Vendor-opensvcn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxmultipath-toolsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-2016
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.45%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:47
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

Action-Not Available
Vendor-Debian GNU/LinuxQEMUNovell
Product-open_enterprise_serverdebian_linuxqemuopen_desktop_serverqemu (virtio-rng)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-39286
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.06% / 60.30%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Execution with Unnecessary Privileges in JupyterApp

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.

Action-Not Available
Vendor-jupyterjupyterFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorajupyter_corejupyter_core
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2012-1104
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.71% / 74.58%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 17:49
Updated-06 Aug, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

Action-Not Available
Vendor-apereojasig projectLinux Kernel Organization, IncDebian GNU/Linux
Product-phpcasdebian_linuxlinux_kernelphpCAS
CWE ID-CWE-269
Improper Privilege Management
CVE-2011-2910
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 29.45%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 16:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

Action-Not Available
Vendor-linux-ax25ax25-toolsDebian GNU/Linux
Product-debian_linuxax25-toolsax25-tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-3088
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.59%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-16 Apr, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,&nbsp;UC-3100 System Image: Versions v1.0 to v1.6,&nbsp;UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

Action-Not Available
Vendor-Moxa Inc.Debian GNU/Linux
Product-uc-8540-lxaig-301-t-azu-lx_firmwareuc-8220-t-lxaig-301-ap-azu-lxuc-2102-t-lxuc-8540-t-ct-lxda-662c-16-lxuc-8112-me-t-lx1aig-301-us-azu-lxaig-301-cn-azu-lxuc-8540-t-ct-lx_firmwareuc-8580-t-lxuc-2102-lx_firmwareuc-3121-t-us-lxaig-301-eu-azu-lxuc-8580-t-ct-lx_firmwareuc-5111-lxuc-2112-lxuc-8112-me-t-lx1_firmwareuc-3111-t-eu-lxaig-301-eu-azu-lx_firmwaredebian_linuxuc-3111-t-eu-lx-nw_firmwareuc-5112-t-lx_firmwareuc-3121-t-us-lx_firmwareuc-8112a-me-t-lxuc-8162-lxaig-301-ap-azu-lx_firmwareuc-2104-lxaig-301-t-ap-azu-lx_firmwareuc-8162-lx_firmwareuc-8112-me-t-lxuc-5112-t-lxuc-3111-t-us-lxuc-8410a-lxuc-3101-t-us-lx_firmwareuc-5112-lxuc-8580-q-lx_firmwareuc-5102-t-lx_firmwareuc-8580-lx_firmwareuc-5102-lx_firmwareuc-8112-lxuc-3111-t-ap-lx-nwuc-3121-t-eu-lxuc-8220-t-lx-eu-saig-301-cn-azu-lx_firmwareuc-2101-lxuc-8220-t-lx-us-suc-3121-t-eu-lx_firmwareuc-3101-t-ap-lx_firmwareuc-8220-t-lx-ap-suc-8131-lx_firmwareuc-3111-t-ap-lx_firmwareuc-8410a-t-lxaig-301-t-us-azu-lx_firmwareuc-2102-lxuc-8132-lxuc-8220-t-lx-suc-3121-t-ap-lxuc-2116-t-lx_firmwareaig-301-t-eu-azu-lx_firmwareaig-301-t-ap-azu-lxuc-8220-t-lx-s_firmwareuc-2111-lx_firmwareuc-3111-t-us-lx-nwuc-8580-t-ct-lxuc-8131-lxuc-5101-t-lxuc-2114-t-lxuc-8112-lx_firmwareuc-3121-t-ap-lx_firmwareuc-8540-t-lxaig-301-t-azu-lxaig-301-t-us-azu-lxuc-8220-t-lx_firmwareaig-301-us-azu-lx_firmwareuc-8410a-t-lx_firmwareuc-8580-t-lx_firmwareuc-3111-t-eu-lx_firmwareuc-8220-t-lx-eu-s_firmwareaig-301-t-eu-azu-lxuc-3101-t-ap-lxuc-8132-lx_firmwareuc-5111-t-lx_firmwareuc-8580-q-lxuc-5111-t-lxuc-8410a-nw-t-lxuc-3111-t-eu-lx-nwuc-3101-t-eu-lx_firmwareuc-2102-t-lx_firmwareuc-5102-lxuc-3111-t-ap-lxuc-5101-lx_firmwareuc-2104-lx_firmwareuc-8220-t-lx-us-s_firmwareuc-8410a-lx_firmwareuc-3101-t-us-lxda-662c-16-lx_firmwareuc-5111-lx_firmwareuc-8580-t-q-lx_firmwareuc-5102-t-lxuc-8580-lxuc-8220-t-lx-ap-s_firmwareuc-2114-t-lx_firmwareuc-8580-t-ct-q-lx_firmwareuc-3111-t-ap-lx-nw_firmwareuc-3111-t-us-lx_firmwareuc-5112-lx_firmwareuc-3101-t-eu-lxuc-8112a-me-t-lx_firmwareaig-301-t-cn-azu-lx_firmwareuc-8580-t-ct-q-lxaig-301-azu-lxuc-5101-t-lx_firmwareuc-8580-t-q-lxuc-5101-lxaig-301-t-cn-azu-lxuc-2112-lx_firmwareaig-301-azu-lx_firmwareuc-8410a-nw-t-lx_firmwareuc-2101-lx_firmwareuc-8540-lx_firmwareuc-8410a-nw-lx_firmwareuc-8112-me-t-lx_firmwareuc-8410a-nw-lxuc-2111-lxuc-3111-t-us-lx-nw_firmwareuc-2116-t-lxuc-8540-t-lx_firmwareUC-8580 with Debian 9 System ImageUC-8100 System ImageUC-2100-W System ImageUC-8100-ME-T System ImageDA-662C-16-LX (GLB) System ImageUC-2100 System ImageUC-8100A-ME-T System ImaageUC-8540 with Debian 9 System ImageUC-3100 System ImageUC-8200 System ImageAIG-300 System ImageUC-5100 System ImageUC-8410A with Debian 9 System Image
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-31676
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.54% / 41.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Action-Not Available
Vendor-n/aFedora ProjectVMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelontap_select_deploy_administration_utilityfedoratoolswindowsVMware Tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2010-4664
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.65%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 21:43
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

Action-Not Available
Vendor-consolekit_projectconsolekitDebian GNU/LinuxRed Hat, Inc.
Product-consolekitdebian_linuxenterprise_linuxconsolekit
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-25636
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.63% / 83.69%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 01:41
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-h300edebian_linuxlinux_kernelh500eh500scommunications_cloud_native_core_network_exposure_functioncommunications_cloud_native_core_binding_support_functionh410sh700eh410ch300sh700scommunications_cloud_native_core_policyn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-13738
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.17%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-21699
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.66% / 46.95%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 21:15
Updated-22 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Execution with Unnecessary Privileges in ipython

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Action-Not Available
Vendor-ipythonipythonDebian GNU/LinuxFedora Project
Product-ipythondebian_linuxfedoraipython
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-279
Incorrect Execution-Assigned Permissions
CWE ID-CWE-269
Improper Privilege Management
CVE-2008-2931
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.38% / 29.54%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncNovellDebian GNU/Linux
Product-debian_linuxubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktoplinux_kernelopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2007-2444
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-14 May, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSamba
Product-debian_linuxsambaubuntu_linuxn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-6080
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.37% / 68.66%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0751
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.63% / 45.90%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 13:48
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefox_esrfirefoxdebian_linuxFirefoxThunderbirdFirefox ESR
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-46333
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-1.38% / 68.78%
||
7 Day CHG+0.17%
Published-15 May, 2026 | 12:58
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ptrace: slightly saner 'get_dumpable()' logic

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Linux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxRed Hat Enterprise Linux Real Time for NFV E4S (v.9.2)Red Hat Enterprise Linux Real Time (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux Real Time EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS E4S (v.9.4)Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux NFV (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux Real Time EUS (v.9.4)NVIDIA for RHEL 10Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux 7Red Hat Enterprise Linux RT (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux Real Time EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux NFV E4S (v.9.0)Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux Real Time E4S (v.9.2)Red Hat Enterprise Linux Real Time for NFV (v. 10)Red Hat Enterprise Linux Real Time E4S (v.9.0)Red Hat Enterprise Linux Real Time (v. 9)Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux Real Time for NFV (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat CodeReady Linux Builder EUS (v.9.6)
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-18344
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.50% / 71.13%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43528
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.27% / 66.20%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:21
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-thunderbirddebian_linuxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43860
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-1.35% / 68.01%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Permissions granted to applications can be hidden from the user at install time

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.

Action-Not Available
Vendor-flatpakflatpakDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-fedoradebian_linuxflatpakenterprise_linuxflatpak
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-13405
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.01% / 58.86%
||
7 Day CHG-0.01%
Published-06 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverubuntu_linuxbig-ip_webacceleratorvirtualizationbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausenterprise_linux_ausbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllermrg_realtimeenterprise_linux_workstationfedoraenterprise_linux_eusbig-ip_access_policy_managerenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-26604
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.12%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-20 Jun, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Action-Not Available
Vendor-systemd_projectn/aDebian GNU/Linux
Product-systemddebian_linuxn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-9324
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.35% / 81.64%
||
7 Day CHG~0.00%
Published-12 Jun, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.

Action-Not Available
Vendor-n/aOTRS AGDebian GNU/Linux
Product-debian_linuxotrsn/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found