CVE-2025-37088

MEDIUM Year: 2025
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.

Related Vulnerabilities

CVE-2016-10798

MEDIUM
CVSS:6.8(Medium)

cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).

CWE-3622016

CVE-2018-12691

MEDIUM
CVSS:6.8(Medium)

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data pl...

CWE-3622018

CVE-2020-3163

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. T...

CWE-3622020

CVE-2021-20316

MEDIUM
CVSS:6.8(Medium)

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...

CWE-3622021

CVE-2021-4203

MEDIUM
CVSS:6.8(Medium)

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...

CWE-3622021

CVE-2023-49706

MEDIUM
CVSS:6.8(Medium)

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions o...

CWE-3622023