
CVE-2024-36347
https://notcve.org/view.php?id=CVE-2024-36347
27 Jun 2025 — Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-11584
https://notcve.org/view.php?id=CVE-2024-11584
26 Jun 2025 — cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands. • https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-6174
https://notcve.org/view.php?id=CVE-2024-6174
26 Jun 2025 — When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. • https://github.com/canonical/cloud-init/releases/tag/25.1.3 • CWE-287: Improper Authentication •

CVE-2025-6019 – Libblockdev: lpe from allow_active to root in libblockdev via udisks
https://notcve.org/view.php?id=CVE-2025-6019
19 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a l... • https://access.redhat.com/security/cve/CVE-2025-6019 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-6020 – Linux-pam: linux-pam directory traversal
https://notcve.org/view.php?id=CVE-2025-6020
17 Jun 2025 — A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly handled user-controlled paths. In environments where pam_namespace is used, a local attacker could possibly use this issue to escalate their privileges to root. • https://access.redhat.com/security/cve/CVE-2025-6020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-5689 – Improper Permission Management in SSH Session Handling
https://notcve.org/view.php?id=CVE-2025-5689
16 Jun 2025 — A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user logging in for the first time will be considered to be part of the root group in the context of that SSH session. • https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr • CWE-269: Improper Privilege Management •

CVE-2025-5054 – Race Condition in Canonical Apport
https://notcve.org/view.php?id=CVE-2025-5054
30 May 2025 — Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made t... • https://github.com/daryllundy/cve-2025-5054 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2025-22247 – Insecure file handling vulnerability
https://notcve.org/view.php?id=CVE-2025-22247
12 May 2025 — VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM. USN-7508-1 fixed a vulnerability in Open VM Tools. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-46421 – Libsoup: information disclosure may lead libsoup client to send Authorization header to a different host when being redirected by a server
https://notcve.org/view.php?id=CVE-2025-46421
24 Apr 2025 — A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. • https://access.redhat.com/security/cve/CVE-2025-46421 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-46420 – Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
https://notcve.org/view.php?id=CVE-2025-46420
24 Apr 2025 — A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. Alon Zahavi discovered that libsoup incorrectly parsed video files. • https://access.redhat.com/security/cve/CVE-2025-46420 • CWE-401: Missing Release of Memory after Effective Lifetime •