Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-3054

    fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories wh... Read more

    Affected Products : php
    • EPSS Score: %0.57
    • Published: Sep. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-1742

    EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.... Read more

    Affected Products : data_protection_advisor
    • EPSS Score: %0.08
    • Published: Aug. 01, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0961

    Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local us... Read more

    Affected Products : advanced_package_tool apt
    • EPSS Score: %0.05
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2016-0592

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.... Read more

    Affected Products : debian_linux vm_virtualbox
    • EPSS Score: %0.09
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6987

    The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.04
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1595

    Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information b... Read more

    Affected Products : firefox firefox_esr thunderbird mac_os_x
    • EPSS Score: %0.08
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5371

    The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standar... Read more

    Affected Products : tivoli_storage_manager
    • EPSS Score: %0.04
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0206

    Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7813

    Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-8482

    Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors.... Read more

    Affected Products : unified_agent
    • EPSS Score: %0.06
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0342

    The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.20
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-4256

    The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3285

    The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.... Read more

    Affected Products : openafs
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9417

    The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.... Read more

    Affected Products : espace_desktop
    • EPSS Score: %0.10
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2669

    The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3320

    Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.... Read more

    Affected Products : usb_enhanced_performance_keyboard
    • EPSS Score: %0.06
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9419

    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4053

    The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : ceph-deploy
    • EPSS Score: %0.05
    • Published: Jun. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9418

    The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.... Read more

    Affected Products : espace_desktop
    • EPSS Score: %0.23
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2382

    win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Informatio... Read more

    • EPSS Score: %1.43
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292750 Results