Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2010-4082

    The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memo... Read more

    • EPSS Score: %0.07
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-0826

    The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid appli... Read more

    Affected Products : libnss-db
    • EPSS Score: %0.07
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0527

    The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the sc... Read more

    • EPSS Score: %0.06
    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4077

    The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory vi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.48
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-5496

    Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composit... Read more

    • EPSS Score: %0.07
    • Published: May. 23, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4078

    The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FB... Read more

    • EPSS Score: %0.07
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4074

    The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, a... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.08
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4075

    The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0473

    The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.... Read more

    Affected Products : smb4k
    • EPSS Score: %0.06
    • Published: Feb. 03, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-3877

    The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.11
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4076

    The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGIC... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4652

    Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by lev... Read more

    • EPSS Score: %0.05
    • Published: Jul. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-1446

    arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel me... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0019

    Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.... Read more

    Affected Products : fedora opensuse socat
    • EPSS Score: %0.09
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0017

    The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtai... Read more

    Affected Products : libssh
    • EPSS Score: %0.08
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4083

    The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0218

    Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a ... Read more

    Affected Products : xen
    • EPSS Score: %0.07
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-1296

    The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are on... Read more

    Affected Products : ubuntu 73-oubuntu
    • EPSS Score: %0.07
    • Published: Jun. 09, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-1650

    IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects,... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.07
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-5143

    F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boun... Read more

    • EPSS Score: %0.07
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291756 Results