Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2013-2477

    The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark opensuse
    • Published: Mar. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-5238

    epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and applica... Read more

    Affected Products : wireshark
    • Published: Oct. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-6382

    MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended ... Read more

    Affected Products : mantisbt
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4296

    Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.... Read more

    Affected Products : wireshark sunos opensuse
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-7957

    Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain us... Read more

    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4285

    The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and applicatio... Read more

    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-0422

    In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. U... Read more

    Affected Products : android
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-12394

    A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.... Read more

    Affected Products : firefox
    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-0459

    In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional e... Read more

    Affected Products : android
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-0481

    In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User inte... Read more

    Affected Products : android
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-3282

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, w... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-2291

    Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party ... Read more

    Affected Products : voip_phone_firmware
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-2792

    Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-cli... Read more

    Affected Products : firefox spice-xpi
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3423

    lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2017-1681

    IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force I... Read more

    Affected Products : liberty
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-14328

    A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more ... Read more

    Affected Products : ansible_tower
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-5007

    The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.... Read more

    Affected Products : anyconnect_ssl_vpn
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-5079

    The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.... Read more

    Affected Products : groff
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-40442

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-14329

    A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and ... Read more

    Affected Products : ansible_tower
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294842 Results