Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2013-6384

    (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB passwo... Read more

    Affected Products : ceilometer
    • EPSS Score: %0.06
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4384

    Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-2893

    The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.... Read more

    Affected Products : opensuse clang
    • EPSS Score: %0.08
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-1352

    Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-0106

    The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand ... Read more

    • EPSS Score: %0.30
    • Published: Feb. 19, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4481

    Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."... Read more

    Affected Products : enterprise_linux luci
    • EPSS Score: %0.03
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1085

    AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4083

    The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4450

    The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within uninte... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.14
    • Published: Oct. 22, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-1107

    The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-0179

    libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU... Read more

    • EPSS Score: %0.11
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4081

    The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4421

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-0038

    Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.07
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2005-3349

    GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.... Read more

    Affected Products : gnump3d
    • EPSS Score: %0.04
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2011-3153

    dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.... Read more

    Affected Products : ubuntu_linux lightdm
    • EPSS Score: %0.05
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2009-2948

    mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the pa... Read more

    Affected Products : samba
    • EPSS Score: %0.16
    • Published: Oct. 07, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-0006

    The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunis... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2192

    The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.... Read more

    Affected Products : pmount
    • EPSS Score: %0.03
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3431

    The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unin... Read more

    Affected Products : linux-pam linux-pam
    • EPSS Score: %0.08
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291219 Results