Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2006-6614

    The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai... Read more

    • EPSS Score: %0.07
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-5118

    Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors.... Read more

    Affected Products : comodo_internet_security
    • EPSS Score: %0.04
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4758

    installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password... Read more

    Affected Products : otrs
    • EPSS Score: %0.06
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4425

    The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.... Read more

    Affected Products : osirix osirix_md
    • EPSS Score: %0.06
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0823

    xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information... Read more

    Affected Products : slackware_linux
    • EPSS Score: %0.05
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2014-0135

    Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.... Read more

    Affected Products : kafo
    • EPSS Score: %0.04
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-2737

    The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via... Read more

    Affected Products : accountsservice
    • EPSS Score: %0.07
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-4944

    Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.... Read more

    Affected Products : python
    • EPSS Score: %0.04
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3520

    The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0076

    The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.... Read more

    Affected Products : openssl
    • EPSS Score: %0.67
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2007-0006

    The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-4029

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a ... Read more

    Affected Products : x_server
    • EPSS Score: %0.57
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0179

    libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU... Read more

    • EPSS Score: %0.11
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2007-4570

    Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.... Read more

    Affected Products : enterprise_linux mcstrans
    • EPSS Score: %0.07
    • Published: Nov. 10, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-0534

    The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within pr... Read more

    • EPSS Score: %0.05
    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4509

    The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user passw... Read more

    Affected Products : opensuse ibus
    • EPSS Score: %0.08
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3741

    The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that perfo... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3734

    Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0349

    The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCON... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0979

    lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname w... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291384 Results