Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2014-0018

    Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modif... Read more

    • EPSS Score: %0.06
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2492

    The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) t... Read more

    • EPSS Score: %0.06
    • Published: Jul. 28, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4082

    The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memo... Read more

    • EPSS Score: %0.07
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-0038

    Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.07
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4081

    The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM... Read more

    • EPSS Score: %0.09
    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2168

    The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.... Read more

    Affected Products : dbus opensuse
    • EPSS Score: %0.09
    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2635

    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3520

    The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0403

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6546

    The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.03
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4525

    Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-4508

    Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3310

    Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.12
    • Published: Sep. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6544

    The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI ... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.08
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4072

    The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl sys... Read more

    • EPSS Score: %0.10
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4421

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2011-1019

    The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4073

    The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_... Read more

    • EPSS Score: %0.24
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-0434

    PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain ... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.06
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-3431

    The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unin... Read more

    Affected Products : linux-pam linux-pam
    • EPSS Score: %0.08
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291783 Results