Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2015-1113

    The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6540

    The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-1106

    The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local user... Read more

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: %0.05
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4259

    runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.... Read more

    Affected Products : ansible
    • EPSS Score: %0.05
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-5150

    The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1310

    The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-0826

    The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid appli... Read more

    Affected Products : libnss-db
    • EPSS Score: %0.07
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2204

    Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive informat... Read more

    Affected Products : tomcat
    • EPSS Score: %0.07
    • Published: Jun. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1016

    The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Tr... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4242

    GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.... Read more

    • EPSS Score: %0.16
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0541

    Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local us... Read more

    • EPSS Score: %0.05
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6538

    The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADM... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6549

    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6539

    The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-1296

    The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are on... Read more

    Affected Products : ubuntu 73-oubuntu
    • EPSS Score: %0.07
    • Published: Jun. 09, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2009-2490

    Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "... Read more

    Affected Products : ray_server_software
    • EPSS Score: %0.06
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-0049

    AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applicat... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.19
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-0106

    The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand ... Read more

    • EPSS Score: %0.30
    • Published: Feb. 19, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0098

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2024-53855

    Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can ... Read more

    Affected Products : centurion_erp
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 291712 Results