Search Results (312888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-14347 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2025-08-29 5.5 Medium
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVE-2024-0409 4 Fedoraproject, Redhat, Tigervnc and 1 more 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more 2025-08-29 7.8 High
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
CVE-2024-0408 4 Fedoraproject, Redhat, Tigervnc and 1 more 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more 2025-08-29 5.5 Medium
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVE-2017-10971 1 X.org 1 X Server 2025-08-29 N/A
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
CVE-2020-17144 1 Microsoft 1 Exchange Server 2025-08-29 8.4 High
Microsoft Exchange Remote Code Execution Vulnerability
CVE-2020-25720 1 Redhat 3 Enterprise Linux, Openshift, Storage 2025-08-29 7.5 High
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
CVE-2025-3931 1 Redhat 2 Enterprise Linux, Satellite 2025-08-29 7.8 High
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
CVE-2025-9572 2025-08-29 5.0 Medium
No description is available for this CVE.
CVE-2025-58333 2025-08-29 N/A
Not used
CVE-2025-58332 2025-08-29 N/A
Not used
CVE-2025-58331 2025-08-29 N/A
Not used
CVE-2025-58330 2025-08-29 N/A
Not used
CVE-2025-58329 2025-08-29 N/A
Not used
CVE-2025-58328 2025-08-29 N/A
Not used
CVE-2025-58327 2025-08-29 N/A
Not used
CVE-2025-58326 2025-08-29 N/A
Not used
CVE-2025-24000 2 Wordpress, Wpexperts 2 Wordpress, Post Smtp 2025-08-29 8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.This issue affects Post SMTP: from n/a through 3.2.0.
CVE-2020-17159 1 Redhat 1 Language Support For Java 2025-08-28 7.8 High
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2020-17158 1 Microsoft 1 Dynamics 365 2025-08-28 8.8 High
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-17156 1 Microsoft 2 Visual Studio 2017, Visual Studio 2019 2025-08-28 7.8 High
Visual Studio Remote Code Execution Vulnerability