Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2010-2470

    Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files ... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.04
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-0142

    Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.06
    • Published: Feb. 12, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2009-2490

    Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "... Read more

    Affected Products : ray_server_software
    • EPSS Score: %0.06
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-0098

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-3785

    The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.09
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2024-42155

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 1.9

    LOW
    CVE-2014-0058

    The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 26, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-4447

    Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.... Read more

    Affected Products : os_x_server
    • EPSS Score: %0.14
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-2893

    The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.... Read more

    Affected Products : opensuse clang
    • EPSS Score: %0.08
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-4448

    House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Oct. 22, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-7336

    The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirt... Read more

    Affected Products : opensuse libvirt
    • EPSS Score: %0.07
    • Published: May. 07, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-4384

    Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2007-0004

    The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the ser... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.04
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-4972

    RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey ... Read more

    Affected Products : regmon
    • EPSS Score: %0.07
    • Published: Sep. 19, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2017-10120

    Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with log... Read more

    Affected Products : database database_server
    • EPSS Score: %0.08
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 1.9

    LOW
    CVE-2014-0135

    Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.... Read more

    Affected Products : kafo
    • EPSS Score: %0.04
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6546

    The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.03
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0076

    The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.... Read more

    Affected Products : openssl
    • EPSS Score: %0.67
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-2737

    The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via... Read more

    Affected Products : accountsservice
    • EPSS Score: %0.07
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-4944

    Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.... Read more

    Affected Products : python
    • EPSS Score: %0.04
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291219 Results