Search
Search Results (312888 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14347 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2025-08-29 | 5.5 Medium |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. | ||||
CVE-2024-0409 | 4 Fedoraproject, Redhat, Tigervnc and 1 more | 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more | 2025-08-29 | 7.8 High |
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. | ||||
CVE-2024-0408 | 4 Fedoraproject, Redhat, Tigervnc and 1 more | 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more | 2025-08-29 | 5.5 Medium |
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. | ||||
CVE-2017-10971 | 1 X.org | 1 X Server | 2025-08-29 | N/A |
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | ||||
CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2025-08-29 | 8.4 High |
Microsoft Exchange Remote Code Execution Vulnerability | ||||
CVE-2020-25720 | 1 Redhat | 3 Enterprise Linux, Openshift, Storage | 2025-08-29 | 7.5 High |
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. | ||||
CVE-2025-3931 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-08-29 | 7.8 High |
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | ||||
CVE-2025-9572 | 2025-08-29 | 5.0 Medium | ||
No description is available for this CVE. | ||||
CVE-2025-58333 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58332 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58331 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58330 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58329 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58328 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58327 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-58326 | 2025-08-29 | N/A | ||
Not used | ||||
CVE-2025-24000 | 2 Wordpress, Wpexperts | 2 Wordpress, Post Smtp | 2025-08-29 | 8.8 High |
Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.This issue affects Post SMTP: from n/a through 3.2.0. | ||||
CVE-2020-17159 | 1 Redhat | 1 Language Support For Java | 2025-08-28 | 7.8 High |
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | ||||
CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 8.8 High |
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||||
CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2025-08-28 | 7.8 High |
Visual Studio Remote Code Execution Vulnerability |