Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-6223

    LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.... Read more

    Affected Products : livezilla
    • EPSS Score: %0.06
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-1170

    net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-3276

    The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.11
    • Published: Oct. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5298

    chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.... Read more

    Affected Products : chm2pdf
    • EPSS Score: %0.06
    • Published: Dec. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-6956

    Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is... Read more

    Affected Products : ive_os
    • EPSS Score: %0.21
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3010

    ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : ceph-deploy
    • EPSS Score: %0.05
    • Published: Jun. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4701

    The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.... Read more

    Affected Products : nagios
    • EPSS Score: %0.06
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4703

    lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.... Read more

    Affected Products : nagios
    • EPSS Score: %0.44
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3894

    IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated w... Read more

    Affected Products : lenovo_7cetb5ww
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-3107

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.62
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0016

    Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.... Read more

    Affected Products : tor tor
    • EPSS Score: %0.06
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1940

    X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading password... Read more

    Affected Products : ubuntu_linux x.org-xserver
    • EPSS Score: %0.11
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3073

    SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptograph... Read more

    Affected Products : encfs
    • EPSS Score: %0.16
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2522

    The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.... Read more

    Affected Products : umip
    • EPSS Score: %0.06
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-4623

    Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers... Read more

    Affected Products : rsyslog
    • EPSS Score: %0.09
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1356

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.06
    • Published: Jul. 19, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-7258

    The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue be... Read more

    Affected Products : ssmtp
    • EPSS Score: %0.07
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2223

    Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to ob... Read more

    • EPSS Score: %0.07
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-3619

    Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.05
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-3861

    The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with... Read more

    • EPSS Score: %0.05
    • Published: Dec. 10, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291335 Results