Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2013-6384

    (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB passwo... Read more

    Affected Products : ceilometer
    • EPSS Score: %0.06
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2693

    The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.05
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1901

    The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %0.06
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2002-1785

    Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.... Read more

    Affected Products : zeus_web_server
    • EPSS Score: %0.16
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2012-6140

    pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem op... Read more

    Affected Products : authenticator
    • EPSS Score: %0.03
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-3685

    Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports dire... Read more

    Affected Products : server_monitor
    • EPSS Score: %0.05
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-5423

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.06
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-6540

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.... Read more

    Affected Products : vm_virtualbox
    • EPSS Score: %0.17
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2007-4308

    The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.... Read more

    Affected Products : linux_kernel aacraid_controller
    • EPSS Score: %0.06
    • Published: Aug. 13, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-2873

    SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by ... Read more

    Affected Products : spamassassin
    • EPSS Score: %0.06
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2023-20512

    A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Oct. 30, 2024

  • 1.9

    LOW
    CVE-2014-4652

    Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by lev... Read more

    • EPSS Score: %0.05
    • Published: Jul. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-0180

    Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password f... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.05
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0218

    Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a ... Read more

    Affected Products : xen
    • EPSS Score: %0.07
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-1651

    IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local ... Read more

    Affected Products : websphere_application_server z\/os
    • EPSS Score: %0.05
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3877

    The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.11
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2302

    TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.... Read more

    Affected Products : active\!_mail
    • EPSS Score: %0.06
    • Published: Apr. 04, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-6561

    Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.... Read more

    Affected Products : windows presentation_server_client
    • EPSS Score: %0.08
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-4098

    The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2006-6614

    The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai... Read more

    • EPSS Score: %0.07
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 291615 Results