Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-3818

    The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.... Read more

    Affected Products : revelation
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0231

    Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."... Read more

    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-4574

    Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4238

    Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.... Read more

    Affected Products : tcexam
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4565

    The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-3196

    The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.... Read more

    Affected Products : domain_technologie_control
    • Published: Mar. 21, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-4544

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) ke... Read more

    Affected Products : xen
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1717

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors... Read more

    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2726

    Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_bo... Read more

    Affected Products : drupal protest
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2672

    Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.... Read more

    Affected Products : mojarra
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5863

    IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8827

    LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6436

    The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and l... Read more

    Affected Products : libvirt
    • Published: Jan. 07, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-4820

    Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.... Read more

    Affected Products : hp-ux
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-6120

    Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.... Read more

    Affected Products : openstack_essex openstack_folsom
    • Published: Apr. 10, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-4623

    Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers... Read more

    Affected Products : rsyslog
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-4813

    The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-2221

    A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitro... Read more

    Affected Products : ejabberd install_builder
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1200

    Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.... Read more

    Affected Products : pxz
    • Published: Jan. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-3564

    Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.... Read more

    Affected Products : sun_glassfish_enterprise_server
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 292860 Results