Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-3640

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket... Read more

    • EPSS Score: %0.06
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7971

    Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which ar... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2141

    The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgk... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-2147

    The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1)... Read more

    • EPSS Score: %0.08
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5351

    The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %0.29
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-5619

    The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activit... Read more

    Affected Products : the_sleuth_kit
    • EPSS Score: %0.10
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-0181

    The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations... Read more

    • EPSS Score: %0.03
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0146

    IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which al... Read more

    Affected Products : content_collector
    • EPSS Score: %0.05
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0963

    Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an ... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2038

    The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %0.05
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3209

    The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.... Read more

    Affected Products : ldns
    • EPSS Score: %0.15
    • Published: Nov. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-0657

    Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.06
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-7230

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.... Read more

    Affected Products : ubuntu_linux openstack nova cinder trove
    • EPSS Score: %0.12
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3532

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then e... Read more

    • EPSS Score: %0.12
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3533

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.... Read more

    Affected Products : debian_linux dbus opensuse mageia
    • EPSS Score: %0.08
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0162

    The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.... Read more

    Affected Products : ruby_parser
    • EPSS Score: %0.15
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1769

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %11.08
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1345

    The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.... Read more

    Affected Products : opensuse grep
    • EPSS Score: %0.09
    • Published: Feb. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4330

    The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a la... Read more

    Affected Products : perl data_dumper
    • EPSS Score: %0.11
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0797

    The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).... Read more

    Affected Products : zlib
    • EPSS Score: %0.76
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291647 Results