FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Privilege Escalation
Freeipa
NVD
CVSS 2.0
3.5
EPSS
0.4%
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a. Rated low severity (CVSS 1.9).
Denial Of Service
Debian Linux
Xen
Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%