Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2012-3432

    The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial o... Read more

    Affected Products : xen
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6548

    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-5150

    The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4242

    GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.... Read more

    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2023-31305

    Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 06, 2024

  • 1.9

    LOW
    CVE-2009-0142

    Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Feb. 12, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-5107

    The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.... Read more

    Affected Products : presentation_server desktop_server
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4212

    The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.... Read more

    Affected Products : android usaa
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-9415

    Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-4693

    Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.... Read more

    Affected Products : wonderware_intouch processsuite
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3116

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1901

    The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-7404

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for ... Read more

    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2003-1399

    eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.... Read more

    Affected Products : eject
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2015-1064

    Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.... Read more

    Affected Products : iphone_os
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2012-0098

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4481

    Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."... Read more

    Affected Products : enterprise_linux luci
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-2534

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerabil... Read more

    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2580

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.... Read more

    Affected Products : solaris
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-2893

    The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.... Read more

    Affected Products : opensuse clang
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294354 Results