Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-3276

    HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vec... Read more

    Affected Products : openvms openvms
    • Published: Dec. 13, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4578

    The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.... Read more

    Affected Products : freebsd geli
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5233

    Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.... Read more

    Affected Products : drupal stickynote
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0266

    manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the ... Read more

    Affected Products : folsom essex
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0493

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012... Read more

    Affected Products : mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4346

    The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer de... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1127

    The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.... Read more

    Affected Products : safari
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-5690

    The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions... Read more

    Affected Products : solaris opensolaris
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4544

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) ke... Read more

    Affected Products : xen
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3866

    lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master serv... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4574

    Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4571

    Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.... Read more

    Affected Products : keyring
    • Published: Nov. 30, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0421

    The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.... Read more

    Affected Products : suse_audit_log_keeper
    • Published: Aug. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0218

    The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and th... Read more

    • Published: Feb. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2657

    Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to se... Read more

    Affected Products : unixodbc
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0225

    Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web scr... Read more

    Affected Products : drupal user_relationships
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0345

    varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party... Read more

    Affected Products : varnish_cache
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-2743

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitiv... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-2157

    The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.... Read more

    Affected Products : fedora debian_linux opensuse putty putty
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-6536

    net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NE... Read more

    Affected Products : linux_kernel
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293360 Results