Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2011-4105

    LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.... Read more

    Affected Products : lightdm
    • EPSS Score: %0.05
    • Published: Feb. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0822

    umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, whi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-2976

    The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspe... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Aug. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6544

    The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI ... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.08
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2005-2186

    Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.... Read more

    • EPSS Score: %0.11
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2014-5233

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.... Read more

    • EPSS Score: %0.06
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4758

    installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password... Read more

    Affected Products : otrs
    • EPSS Score: %0.06
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2016-0432

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-201... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2016-0438

    Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-... Read more

    Affected Products : retail_applications
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-5700

    libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 22, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2014-0890

    The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local us... Read more

    Affected Products : sametime sametime_meeting_server
    • EPSS Score: %0.05
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-1958

    The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restri... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0974

    The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value,... Read more

    Affected Products : little_kernel_bootloader
    • EPSS Score: %0.06
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-7404

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for ... Read more

    • EPSS Score: %0.03
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-4025

    IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it... Read more

    • EPSS Score: %0.08
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-3287

    EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.... Read more

    Affected Products : emc_unisphere unisphere
    • EPSS Score: %0.06
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-8595

    arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or... Read more

    Affected Products : debian_linux xen opensuse
    • EPSS Score: %0.07
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-1568

    The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dep... Read more

    Affected Products : enterprise_linux fedora
    • EPSS Score: %0.05
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-0523

    gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.... Read more

    Affected Products : gypsy
    • EPSS Score: %0.06
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.04
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results