Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2012-6540

    The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6539

    The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6538

    The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADM... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1016

    The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Tr... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-5496

    Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composit... Read more

    • EPSS Score: %0.07
    • Published: May. 23, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2013-0541

    Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local us... Read more

    • EPSS Score: %0.05
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2204

    Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive informat... Read more

    Affected Products : tomcat
    • EPSS Score: %0.07
    • Published: Jun. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-1106

    The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local user... Read more

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: %0.05
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-5150

    The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4242

    GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.... Read more

    • EPSS Score: %0.16
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4259

    runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.... Read more

    Affected Products : ansible
    • EPSS Score: %0.05
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1310

    The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-5084

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive inf... Read more

    Affected Products : tivoli_federated_identity_manager
    • EPSS Score: %0.05
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-3716

    Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.... Read more

    Affected Products : xen
    • EPSS Score: %0.15
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-2027

    Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.... Read more

    Affected Products : linux_kernel mathematica
    • EPSS Score: %0.03
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2693

    The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.05
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1073

    crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files v... Read more

    Affected Products : freebsd mac_os_x
    • EPSS Score: %0.02
    • Published: Mar. 04, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-0437

    The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2014-5036

    The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.06
    • Published: Sep. 05, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-4693

    Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.... Read more

    Affected Products : wonderware_intouch processsuite
    • EPSS Score: %0.08
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291741 Results