Total 268468 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-21505 1 Redhat 1 Enterprise Linux 2022-07-19 6.7 Medium
An authentication bypass flaw was found in the Linux kernel’s IMA policy when a user performs lockdown. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-28693 1 Redhat 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more 2022-07-13 4.7 Medium
A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access.
CVE-2020-25720 2022-06-14 7.5 High
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
CVE-2022-1736 2022-05-19 4.3 Medium
A vulnerability was found in Gnome Control Center. When turning off RDP Remote Desktop Sharing with gnome-control-center, it would only turn off RDP sharing for the current session. RDP Sharing was enabled again without any additional user interaction or notification upon logging back in.
CVE-2020-10370 2022-02-07 5.8 Medium
A lateral-movement denial of service vulnerability was found in resource-sharing Bluetooth hardware. By obtaining code execution on the Bluetooth or Wifi chip, an attacker can perform a lateral denial of service attack on a chip's shared memory resources, impacting the system's availability.
CVE-2021-25635 1 Redhat 1 Enterprise Linux 2021-10-11 6.3 Medium
A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-27017 2021-02-10 6.6 Medium
A flaw was found in puppet-agent. Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-15690 1 Redhat 2 Enterprise Linux, Rhel E4s 2019-12-20 9.8 Critical
A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an untrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.