Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-6120

    Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.... Read more

    Affected Products : openstack_essex openstack_folsom
    • EPSS Score: %0.04
    • Published: Apr. 10, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2001-0416

    sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.... Read more

    Affected Products : linux mandrake_linux immunix sgml-tools
    • EPSS Score: %0.09
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-2910

    arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 proces... Read more

    • EPSS Score: %0.05
    • Published: Oct. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-3044

    Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-b... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.12
    • Published: Sep. 22, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3069

    xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.... Read more

    Affected Products : hylafax
    • EPSS Score: %0.07
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-3619

    Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.05
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1453

    GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the prog... Read more

    Affected Products : glibc
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-0016

    Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.... Read more

    Affected Products : tor tor
    • EPSS Score: %0.06
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-1420

    MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.15
    • Published: Mar. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0977

    The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-0059

    JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.... Read more

    • EPSS Score: %0.05
    • Published: Nov. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0072

    zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.... Read more

    Affected Products : zhcon
    • EPSS Score: %0.08
    • Published: Jan. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1332

    gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.... Read more

    Affected Products : linux
    • EPSS Score: %0.16
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1270

    The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : rootkit_hunter
    • EPSS Score: %0.08
    • Published: Apr. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-5991

    There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the bod... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Race Condition

  • 2.1

    LOW
    CVE-2005-0201

    D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.... Read more

    Affected Products : enterprise_linux d-bus
    • EPSS Score: %0.07
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1166

    The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information.... Read more

    • EPSS Score: %0.08
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0135

    The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-3861

    The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with... Read more

    • EPSS Score: %0.05
    • Published: Dec. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5561

    script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.... Read more

    Affected Products : subscription_asset_manager katello
    • EPSS Score: %0.05
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291647 Results