Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-4497

    Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide UR... Read more

    Affected Products : drupal elegant_theme
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4496

    Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parame... Read more

    Affected Products : drupal custom_pub
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1717

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors... Read more

    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4571

    Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.... Read more

    Affected Products : keyring
    • Published: Nov. 30, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1767

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2531

    Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6119

    Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.... Read more

    • Published: Apr. 02, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1060

    Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitra... Read more

    Affected Products : drupal revisioning
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5516

    Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6108

    HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.... Read more

    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4452

    MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with ... Read more

    Affected Products : mysql mysql
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4453

    dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.... Read more

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5538

    Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script... Read more

    Affected Products : drupal filefield_sources
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4574

    Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6117

    Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.... Read more

    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4544

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) ke... Read more

    Affected Products : xen
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5483

    tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading admi... Read more

    Affected Products : keystone
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4346

    The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer de... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1773

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2672

    Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.... Read more

    Affected Products : mojarra
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293542 Results