Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2010-2928

    The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.... Read more

    Affected Products : vcenter_server
    • EPSS Score: %0.06
    • Published: Feb. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-3071

    Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.06
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-1160

    The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.17
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-0368

    OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer ... Read more

    Affected Products : opensc
    • EPSS Score: %0.31
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1771

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.64
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3160

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.... Read more

    • EPSS Score: %0.15
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0450

    Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.... Read more

    Affected Products : firefox linux_kernel mac_os_x seamonkey
    • EPSS Score: %0.06
    • Published: Feb. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4021

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "... Read more

    Affected Products : kerberos_5
    • EPSS Score: %0.47
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-4269

    The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for... Read more

    Affected Products : derby
    • EPSS Score: %0.78
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1766

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.64
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-2209

    Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-9584

    The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memo... Read more

    • EPSS Score: %0.16
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3637

    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.... Read more

    Affected Products : dbus opensuse
    • EPSS Score: %0.07
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-4080

    The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IO... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1943

    Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.... Read more

    • EPSS Score: %0.14
    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-3684

    The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-... Read more

    • EPSS Score: %0.05
    • Published: Sep. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1022

    The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypa... Read more

    Affected Products : libcgroup
    • EPSS Score: %0.09
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-0790

    sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.... Read more

    Affected Products : ncpfs
    • EPSS Score: %0.07
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-1052

    The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.05
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-3217

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.83
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291564 Results