Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2014-0076

    The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.... Read more

    Affected Products : openssl
    • EPSS Score: %0.67
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-0135

    Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.... Read more

    Affected Products : kafo
    • EPSS Score: %0.04
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2021-2232

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infras... Read more

    • EPSS Score: %0.14
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 1.9

    LOW
    CVE-2011-2492

    The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) t... Read more

    • EPSS Score: %0.06
    • Published: Jul. 28, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-5169

    CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.13
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4420

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6545

    The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.08
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4081

    The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2005-3349

    GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.... Read more

    Affected Products : gnump3d
    • EPSS Score: %0.04
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2012-3734

    Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0979

    lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname w... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3741

    The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that perfo... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1107

    The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-1281

    Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-4450

    The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within uninte... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.14
    • Published: Oct. 22, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-0349

    The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCON... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-3636

    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disc... Read more

    Affected Products : dbus opensuse d-bus
    • EPSS Score: %0.09
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-1085

    AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-3877

    The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.11
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4469

    OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an imag... Read more

    Affected Products : nova folsom grizzly havana
    • EPSS Score: %0.06
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291573 Results