Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2011-0006

    The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunis... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-3556

    A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_dele... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.03
    • Published: Jan. 27, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4073

    The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_... Read more

    • EPSS Score: %0.24
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1019

    The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-3644

    Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-0154

    The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.... Read more

    Affected Products : xen
    • EPSS Score: %0.07
    • Published: Jan. 12, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-4766

    Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.... Read more

    Affected Products : mysql
    • EPSS Score: %0.13
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2005-3126

    The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.... Read more

    Affected Products : antiword
    • EPSS Score: %0.06
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2013-4369

    The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.... Read more

    Affected Products : xen
    • EPSS Score: %0.06
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1197

    cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.... Read more

    Affected Products : cpio
    • EPSS Score: %3.33
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-0430

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.08
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-0135

    Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.... Read more

    Affected Products : kafo
    • EPSS Score: %0.04
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-0038

    Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.07
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-3520

    The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-2737

    The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via... Read more

    Affected Products : accountsservice
    • EPSS Score: %0.07
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-4944

    Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.... Read more

    Affected Products : python
    • EPSS Score: %0.04
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0076

    The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.... Read more

    Affected Products : openssl
    • EPSS Score: %0.67
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.04
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6548

    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.02
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1427

    The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as for... Read more

    Affected Products : debian_linux lighttpd
    • EPSS Score: %0.06
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291360 Results