Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2015-1085

    AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-3734

    Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1107

    The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4076

    The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGIC... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4368

    The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-1446

    arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel me... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-5700

    libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 22, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2014-0890

    The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local us... Read more

    Affected Products : sametime sametime_meeting_server
    • EPSS Score: %0.05
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2152

    Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environme... Read more

    Affected Products : fedora xen
    • EPSS Score: %0.08
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2011-3685

    Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports dire... Read more

    Affected Products : server_monitor
    • EPSS Score: %0.05
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-6146

    IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.06
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-5423

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.06
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2007-1476

    The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of serv... Read more

    • EPSS Score: %0.27
    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-4098

    The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-5960

    Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation.... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.06
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-4832

    Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it ea... Read more

    • EPSS Score: %0.08
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-4838

    IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP cred... Read more

    • EPSS Score: %0.08
    • Published: Dec. 08, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-5204

    Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.... Read more

    Affected Products : webboard
    • EPSS Score: %0.37
    • Published: Oct. 04, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-8923

    The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store t... Read more

    • EPSS Score: %0.12
    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-6543

    The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291802 Results