Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-7813

    Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2415

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from t... Read more

    Affected Products : jdk jre
    • EPSS Score: %0.11
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1127

    The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.... Read more

    Affected Products : safari
    • EPSS Score: %0.06
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1488

    The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.15
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1832

    Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.... Read more

    Affected Products : passenger
    • EPSS Score: %0.07
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1933

    The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by... Read more

    Affected Products : pillow python_imaging_library
    • EPSS Score: %0.11
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4703

    lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.... Read more

    Affected Products : nagios
    • EPSS Score: %0.44
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3645

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Nov. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-0493

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012... Read more

    Affected Products : mysql
    • EPSS Score: %0.61
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1943

    The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a... Read more

    Affected Products : fedora networkmanager
    • EPSS Score: %0.04
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-5298

    chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.... Read more

    Affected Products : chm2pdf
    • EPSS Score: %0.06
    • Published: Dec. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-6956

    Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is... Read more

    Affected Products : ive_os
    • EPSS Score: %0.21
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5270

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the abil... Read more

    Affected Products : debian_linux libgcrypt
    • EPSS Score: %0.07
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-1170

    net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2499

    slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.... Read more

    Affected Products : slocate
    • EPSS Score: %0.06
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-4701

    The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.... Read more

    Affected Products : nagios
    • EPSS Score: %0.06
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2000-0147

    snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.... Read more

    Affected Products : openserver
    • EPSS Score: %0.13
    • Published: Feb. 08, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0169

    When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /li... Read more

    • EPSS Score: %0.14
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-2894

    The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.... Read more

    Affected Products : bochs
    • EPSS Score: %0.11
    • Published: May. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2001-1029

    libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alterna... Read more

    Affected Products : openssh freebsd
    • EPSS Score: %0.13
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291818 Results