Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-4574

    Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4565

    The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3297

    The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETM... Read more

    • Published: Sep. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4497

    Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide UR... Read more

    Affected Products : drupal elegant_theme
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-3156

    Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTM... Read more

    Affected Products : drupal date
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-4346

    The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer de... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4238

    Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.... Read more

    Affected Products : tcexam
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-2176

    GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.... Read more

    Affected Products : networkmanager
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4578

    The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.... Read more

    Affected Products : freebsd geli
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4453

    dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.... Read more

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4544

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) ke... Read more

    Affected Products : xen
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0947

    EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.... Read more

    Affected Products : authentication_manager
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4496

    Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parame... Read more

    Affected Products : drupal custom_pub
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6648

    gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-... Read more

    Affected Products : ubuntu_linux gdm-guest-session
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0969

    The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    Affected Products : ubuntu_linux linux groff
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-4452

    MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with ... Read more

    Affected Products : mysql mysql
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6646

    F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.... Read more

    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-4571

    Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.... Read more

    Affected Products : keyring
    • Published: Nov. 30, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0691

    The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.... Read more

    Affected Products : linux mgetty
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0442

    Solaris ff.core allows local users to modify files.... Read more

    Affected Products : solaris sunos
    • Published: Jan. 07, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 293351 Results