Latest CVE Feed
-
5.6
MEDIUM CVE-2018-10472
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot....
- Published: Apr. 27, 2018
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2015-1985
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file....
Affected Products: mq_appliance_m2000
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.6
MEDIUM CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis....
- Published: Jul. 10, 2018
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2015-0095
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of...
- Published: Mar. 11, 2015
- Modified: Apr. 12, 2025
-
5.6
MEDIUM CVE-2023-32020
Windows DNS Spoofing Vulnerability...
- Published: Jun. 14, 2023
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2017-9330
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505....
- Published: Jun. 08, 2017
- Modified: Apr. 20, 2025
-
5.6
MEDIUM CVE-2020-3432
A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of di...
- Published: Feb. 12, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Path Traversal
-
5.6
MEDIUM CVE-2024-2321
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies ...
- Published: Feb. 27, 2025
- Modified: Feb. 27, 2025
- Vuln Type: Authorization
-
5.6
MEDIUM CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis....
Affected Products: workstation router_manager ubuntu_linux debian_linux leap solidfire solaris suse_linux_enterprise_desktop suse_linux_enterprise_server esxi +378 more products
- Published: Jan. 04, 2018
- Modified: Jan. 14, 2025
-
5.6
MEDIUM CVE-2018-3665
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel....
Affected Products: ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation freebsd core_i3 xenserver core_i5 core_i7 +4 more products
- Published: Jun. 21, 2018
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerabil...
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation +14 more products
- Published: Sep. 03, 2019
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2025-47256
Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file....
- Published: May. 06, 2025
- Modified: May. 07, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUM CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cach...
Affected Products: debian_linux xen cortex-a57_firmware cortex-a72_firmware cortex-a73_firmware cortex-a75_firmware cortex-a76_firmware cortex-a76ae_firmware cortex-a77_firmware cortex-a78_firmware +32 more products
- Published: Mar. 13, 2022
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2024-24552
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing....
Affected Products: bludit
- Published: Jun. 24, 2024
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2020-29012
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to ob...
Affected Products: fortisandbox
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2014-1213
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, c...
- Published: Feb. 10, 2014
- Modified: Apr. 11, 2025
-
5.6
MEDIUM CVE-2017-12547
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found....
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2013-1424
Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787....
Affected Products: matplotlib
- Published: Jun. 26, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUM CVE-2012-3345
ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file....
Affected Products: ioquake3_engine
- Published: Jun. 15, 2012
- Modified: Apr. 11, 2025
-
5.6
MEDIUM CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle Gra...
- Published: Apr. 15, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authorization