Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.04
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-4037

    The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.... Read more

    Affected Products : qemu
    • EPSS Score: %0.10
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-4579

    The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.... Read more

    Affected Products : cman fence
    • EPSS Score: %0.05
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-6541

    The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-6563

    The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction... Read more

    Affected Products : openssh mac_os_x
    • EPSS Score: %0.09
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-3644

    Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-1427

    The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as for... Read more

    Affected Products : debian_linux lighttpd
    • EPSS Score: %0.06
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4368

    The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2016-0438

    Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-... Read more

    Affected Products : retail_applications
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2016-0432

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-201... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2005-2186

    Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.... Read more

    • EPSS Score: %0.11
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2014-4421

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4525

    Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-3850

    The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.... Read more

    Affected Products : linux_kernel powerpc
    • EPSS Score: %0.06
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-4029

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a ... Read more

    Affected Products : x_server
    • EPSS Score: %0.57
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0822

    umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, whi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4072

    The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl sys... Read more

    • EPSS Score: %0.10
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1921

    PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0349

    The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCON... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1094

    IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.... Read more

    Affected Products : iphone_os tvos
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291615 Results