Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2012-6549

    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4074

    The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, a... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.08
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2204

    Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive informat... Read more

    Affected Products : tomcat
    • EPSS Score: %0.07
    • Published: Jun. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-1106

    The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local user... Read more

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: %0.05
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-2329

    Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.09
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-6538

    The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADM... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.04
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-5030

    CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.... Read more

    Affected Products : cups ubuntu_linux
    • EPSS Score: %0.05
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2009-3556

    A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_dele... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.03
    • Published: Jan. 27, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-0245

    D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race... Read more

    Affected Products : dbus opensuse
    • EPSS Score: %0.04
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2009-2948

    mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the pa... Read more

    Affected Products : samba
    • EPSS Score: %0.16
    • Published: Oct. 07, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-3644

    Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-3153

    dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.... Read more

    Affected Products : ubuntu_linux lightdm
    • EPSS Score: %0.05
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-4037

    The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.... Read more

    Affected Products : qemu
    • EPSS Score: %0.10
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2830

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) ... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.03
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-2027

    Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.... Read more

    Affected Products : linux_kernel mathematica
    • EPSS Score: %0.03
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3116

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.09
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-6384

    (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB passwo... Read more

    Affected Products : ceilometer
    • EPSS Score: %0.06
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2006-1810

    Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Locati... Read more

    Affected Products : flexbb
    • EPSS Score: %0.19
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2010-5092

    The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.... Read more

    Affected Products : silverstripe
    • EPSS Score: %0.06
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291737 Results