Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2009-1215

    Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.... Read more

    Affected Products : screen gnu_screen
    • EPSS Score: %0.09
    • Published: Apr. 01, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-4972

    RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey ... Read more

    Affected Products : regmon
    • EPSS Score: %0.07
    • Published: Sep. 19, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-0004

    The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the ser... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.04
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-6722

    Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID,... Read more

    Affected Products : access_manager
    • EPSS Score: %0.06
    • Published: Apr. 14, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-5107

    The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.... Read more

    Affected Products : presentation_server desktop_server
    • EPSS Score: %0.10
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-1310

    The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-2911

    SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel... Read more

    Affected Products : systemtap
    • EPSS Score: %0.08
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-4259

    runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.... Read more

    Affected Products : ansible
    • EPSS Score: %0.05
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2162

    Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users... Read more

    Affected Products : ubuntu_linux
    • EPSS Score: %0.03
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1016

    The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Tr... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4242

    GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.... Read more

    • EPSS Score: %0.09
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-0826

    The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid appli... Read more

    Affected Products : libnss-db
    • EPSS Score: %0.07
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0527

    The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the sc... Read more

    • EPSS Score: %0.06
    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-5496

    Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composit... Read more

    • EPSS Score: %0.07
    • Published: May. 23, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-2634

    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-3287

    EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.... Read more

    Affected Products : emc_unisphere unisphere
    • EPSS Score: %0.06
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4025

    IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it... Read more

    • EPSS Score: %0.08
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-3685

    Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports dire... Read more

    Affected Products : server_monitor
    • EPSS Score: %0.05
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-5423

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.06
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6537

    net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.08
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291205 Results