Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11476

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-29 Aug, 2019 | 14:38
Updated At-16 Sep, 2024 | 19:15
Rejected At-
Credits

Integer overflow in whoopsie results in out-of-bounds heap write

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:29 Aug, 2019 | 14:38
Updated At:16 Sep, 2024 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)
Integer overflow in whoopsie results in out-of-bounds heap write

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

Affected Products
Vendor
UbuntuUbuntu
Product
Whoopsie
Versions
Affected
  • before 0.2.52.5ubuntu0.1
  • before 0.2.62ubuntu0.1
  • before 0.2.64ubuntu0.1
  • before 0.2.66
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.06.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Kevin Backhouse of Semmle Security Research Team
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://usn.ubuntu.com/4052-1/
N/A
https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
N/A
http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
N/A
Hyperlink: https://usn.ubuntu.com/4052-1/
Resource: N/A
Hyperlink: https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://usn.ubuntu.com/4052-1/
x_transferred
https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
x_transferred
http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
x_transferred
Hyperlink: https://usn.ubuntu.com/4052-1/
Resource:
x_transferred
Hyperlink: https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:29 Aug, 2019 | 15:15
Updated At:12 Jun, 2023 | 07:15

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.06.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE-190Secondarysecurity@ubuntu.com
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-190
Type: Secondary
Source: security@ubuntu.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.htmlsecurity@ubuntu.com
N/A
https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863security@ubuntu.com
Exploit
Issue Tracking
Vendor Advisory
https://usn.ubuntu.com/4052-1/security@ubuntu.com
Exploit
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
Source: security@ubuntu.com
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://usn.ubuntu.com/4052-1/
Source: security@ubuntu.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

398Records found

CVE-2019-14896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 08:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraenterprise_linuxkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-15090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 23:47
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-13164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 13:56
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemuleapn/a
CVE-2019-12881
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 22:07
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-4613
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-05 Feb, 2014 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Action-Not Available
Vendor-n/aUbuntuCanonical Ltd.X.Org FoundationDebian GNU/Linux
Product-debian_linuxlinuxubuntu_linuxx_servern/a
CVE-2019-1000018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-19 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

Action-Not Available
Vendor-pizzashackn/aFedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-rsshdebian_linuxfedoraubuntu_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-8897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-19.90% / 95.24%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 18:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Action-Not Available
Vendor-n/aCanonical Ltd.Xen ProjectCitrix (Cloud Software Group, Inc.)Apple Inc.FreeBSD FoundationDebian GNU/LinuxSynology, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxfreebsddebian_linuxxenserverenterprise_linux_workstationmac_os_xenterprise_virtualization_managerskynasdiskstation_managerxenn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-9516
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.50%
||
7 Day CHG-0.00%
Published-06 Nov, 2018 | 17:00
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

Action-Not Available
Vendor-Canonical Ltd.Google LLCDebian GNU/Linux
Product-androiddebian_linuxubuntu_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7566
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.75%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxRed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxlinux_enterprise_module_for_public_cloudlinux_enterprise_serverdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationcommunications_eagle_application_processorenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-6553
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.90%
||
7 Day CHG~0.00%
Published-10 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AppArmor cupsd Sandbox Bypass Due to Use of Hard Links

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

Action-Not Available
Vendor-cupsn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxcupsdebian_linuxcups
CVE-2018-6764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxvirtualizationdebian_linuxenterprise_linux_workstationenterprise_linux_desktoplibvirtn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2018-6555
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 18:00
Updated-16 Sep, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.

Action-Not Available
Vendor-Linux KernelLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelLinux Kernel
CWE ID-CWE-416
Use After Free
CVE-2018-5344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 09:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtualizationlinux_kernelenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-4180
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.31%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxApple Inc.
Product-ubuntu_linuxdebian_linuxmac_os_xn/a
CVE-2018-18653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 00:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-18281
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-30 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-459
Incomplete Cleanup
CVE-2018-16865
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.25%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 21:00
Updated-09 Jun, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

Action-Not Available
Vendor-systemd_projectThe systemd ProjectOracle CorporationDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationsystemdenterprise_linux_server_tuscommunications_session_border_controllerenterprise_linux_desktopenterprise_communications_brokersystemd
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-16877
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.40%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Action-Not Available
Vendor-clusterlabsClusterLabsDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxpacemakerdebian_linuxenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusleappacemaker
CWE ID-CWE-287
Improper Authentication
CVE-2018-17336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.25%
||
7 Day CHG-0.01%
Published-22 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

Action-Not Available
Vendor-n/afreedesktop.orgCanonical Ltd.
Product-udisksubuntu_linuxn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2018-16847
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.09% / 25.75%
||
7 Day CHG-0.02%
Published-02 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Action-Not Available
Vendor-[UNKNOWN]QEMUCanonical Ltd.
Product-ubuntu_linuxqemuQEMU:
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16864
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG-0.05%
Published-11 Jan, 2019 | 20:00
Updated-09 Jun, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Action-Not Available
Vendor-systemd_projectThe systemd ProjectOracle CorporationDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationsystemdenterprise_linux_server_tuscommunications_session_border_controllerenterprise_linux_desktopenterprise_communications_brokersystemd
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-15857
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.84%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14734
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 16.93%
||
7 Day CHG~0.00%
Published-29 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2018-13405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.09%
||
7 Day CHG-0.01%
Published-06 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverubuntu_linuxbig-ip_webacceleratorvirtualizationbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausenterprise_linux_ausbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllermrg_realtimeenterprise_linux_workstationfedoraenterprise_linux_eusbig-ip_access_policy_managerenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-12931
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.59%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.59%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11790
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-1.00% / 76.02%
||
7 Day CHG~0.00%
Published-31 Jan, 2019 | 16:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software Foundation
Product-ubuntu_linuxopenofficeApache OpenOffice
CWE ID-CWE-682
Incorrect Calculation
CVE-2018-11781
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.32%
||
7 Day CHG~0.00%
Published-17 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxspamassassinenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_desktopApache SpamAssassin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-11237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.60% / 68.36%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 16:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNUNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-enterprise_linux_serverubuntu_linuxelement_software_managemententerprise_linux_workstationvirtualization_hostdata_ontap_edgeglibccommunications_session_border_controllerenterprise_linux_desktopenterprise_communications_brokern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-1087
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-15 May, 2018 | 16:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_virtualizationenterprise_linux_desktopKVM
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2018-10879
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopkernel
CWE ID-CWE-416
Use After Free
CVE-2018-1083
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.49%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

Action-Not Available
Vendor-zshzshCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationzshenterprise_linux_desktopzsh
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10902
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-21 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_workstationenterprise_linux_desktopkernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-415
Double Free
CVE-2018-10875
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 22:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.SUSEDebian GNU/LinuxCanonical Ltd.
Product-ceph_storageubuntu_linuxvirtualizationdebian_linuxopenshiftopenstackvirtualization_hostsuse_linux_enterprise_serverpackage_hubgluster_storageansible_engineansible
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-10853
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelkernel
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-1000001
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-44.63% / 97.48%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 14:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Action-Not Available
Vendor-n/aRed Hat, Inc.Canonical Ltd.GNU
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationvirtualization_hostglibcenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7980
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.20%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_desktopvirtualizationenterprise_linux_server_tusqemuenterprise_linux_workstationenterprise_linuxenterprise_linux_server_eusdebian_linuxenterprise_linux_serverubuntu_linuxenterprise_linux_server_ausopenstackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7518
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.53%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 13:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopKernel:
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-3747
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.22%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 02:35
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MacOS version of Multipass incorrect owner for application directory

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.

Action-Not Available
Vendor-Canonical Ltd.Apple Inc.
Product-multipassmacosMultipass
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-5669
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.60%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Linux Kernel Organization, Inc
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CVE-2016-9775
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.The Apache Software Foundation
Product-ubuntu_linuxdebian_linuxtomcatn/a
CVE-2015-4106
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-03 Jun, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aSUSEQEMUFedora ProjectCitrix (Cloud Software Group, Inc.)Debian GNU/LinuxCanonical Ltd.
Product-xenserverqemufedoraubuntu_linuxlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2011-1593
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelenterprise_linuxubuntu_linuxenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_ausenterprise_linux_eusn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-3067
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 24.76%
||
7 Day CHG~0.00%
Published-21 Sep, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2008-2663
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.88% / 87.78%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Ruby
Product-ubuntu_linuxdebian_linuxrubyn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2500
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.65% / 85.17%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xfreetypen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2478
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.68%
||
7 Day CHG~0.00%
Published-29 Sep, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSECanonical Ltd.
Product-linux_kernelubuntu_linuxlinux_enterprise_serverlinux_enterprise_desktopn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-1634
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.69%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Fedora ProjectPython Software FoundationopenSUSE
Product-ubuntu_linuxfedoraopensusepythonlinux_enterprise_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2009-2949
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-50.18% / 97.75%
||
7 Day CHG~0.00%
Published-16 Feb, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-openofficedebian_linuxubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2009-0586
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-14 Mar, 2009 | 18:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-gstreamer_projectn/aCanonical Ltd.
Product-ubuntu_linuxgstreamern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found