Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2010-0826

    The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid appli... Read more

    Affected Products : libnss-db
    • EPSS Score: %0.07
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-2911

    SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel... Read more

    Affected Products : systemtap
    • EPSS Score: %0.08
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-2329

    Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.09
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-0769

    IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a c... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2192

    The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.... Read more

    Affected Products : pmount
    • EPSS Score: %0.03
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2803

    The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potent... Read more

    • EPSS Score: %0.08
    • Published: Sep. 08, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-0430

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.08
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-1427

    The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as for... Read more

    Affected Products : debian_linux lighttpd
    • EPSS Score: %0.06
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6541

    The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6548

    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.02
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-1295

    Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecif... Read more

    Affected Products : ubuntu apport
    • EPSS Score: %0.07
    • Published: Apr. 30, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-4461

    The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4082

    The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memo... Read more

    • EPSS Score: %0.07
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-0180

    Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password f... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.05
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4652

    Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by lev... Read more

    • EPSS Score: %0.05
    • Published: Jul. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-4469

    OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an imag... Read more

    Affected Products : nova folsom grizzly havana
    • EPSS Score: %0.06
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.04
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2830

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) ... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.03
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-6563

    The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction... Read more

    Affected Products : openssh mac_os_x
    • EPSS Score: %0.09
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-8595

    arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or... Read more

    Affected Products : debian_linux xen opensuse
    • EPSS Score: %0.07
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291153 Results