Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-0421

    The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.... Read more

    Affected Products : suse_audit_log_keeper
    • Published: Aug. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0324

    Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script ... Read more

    Affected Products : drupal menu_reference
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6536

    net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NE... Read more

    Affected Products : linux_kernel
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0346

    Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any ... Read more

    Affected Products : tomcat
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2157

    The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.... Read more

    Affected Products : fedora debian_linux opensuse putty putty
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2726

    Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_bo... Read more

    Affected Products : drupal protest
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2705

    The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS)... Read more

    Affected Products : drupal smart_breadcrumb
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0390

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5483

    tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading admi... Read more

    Affected Products : keystone
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0493

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012... Read more

    Affected Products : mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0345

    varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party... Read more

    Affected Products : varnish_cache
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2657

    Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to se... Read more

    Affected Products : unixodbc
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2531

    Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2314

    The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.... Read more

    Affected Products : anaconda
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4383

    Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal jquery_countdown
    • Published: Jan. 31, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6372

    The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.... Read more

    Affected Products : subversion-plugin
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6493

    The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.... Read more

    Affected Products : icedtea-web
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6497

    clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.... Read more

    Affected Products : clamav
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4503

    Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.... Read more

    Affected Products : feed_element_mapper
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-2190

    The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.... Read more

    Affected Products : cherokee
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293643 Results