Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2014-0974

    The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value,... Read more

    Affected Products : little_kernel_bootloader
    • EPSS Score: %0.06
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-3230

    The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.... Read more

    Affected Products : lavf_demuxer
    • EPSS Score: %0.12
    • Published: Jul. 18, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2009-2490

    Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "... Read more

    Affected Products : ray_server_software
    • EPSS Score: %0.06
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-5143

    F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boun... Read more

    • EPSS Score: %0.07
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-2470

    Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files ... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.04
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0120

    Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.... Read more

    Affected Products : web_vulnerability_scanner
    • EPSS Score: %0.58
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-4751

    RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files.... Read more

    Affected Products : remotedocs_r-viewer
    • EPSS Score: %0.07
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2009-3556

    A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_dele... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.03
    • Published: Jan. 27, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-2948

    mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the pa... Read more

    Affected Products : samba
    • EPSS Score: %0.16
    • Published: Oct. 07, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-1019

    The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-2934

    Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across... Read more

    Affected Products : xen
    • EPSS Score: %0.16
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-0006

    The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunis... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4073

    The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_... Read more

    • EPSS Score: %0.24
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-3644

    Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4079

    The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.08
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-1568

    The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dep... Read more

    Affected Products : enterprise_linux fedora
    • EPSS Score: %0.05
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-0010

    The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows... Read more

    • EPSS Score: %1.31
    • Published: Feb. 11, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6548

    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.02
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1427

    The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as for... Read more

    Affected Products : debian_linux lighttpd
    • EPSS Score: %0.06
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-0413

    Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.... Read more

    • EPSS Score: %0.10
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results