Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2011-4181

    A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.... Read more

    Affected Products : open_build_service
    • EPSS Score: %0.23
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4126

    Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.... Read more

    Affected Products : calibre
    • EPSS Score: %0.47
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4125

    A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.... Read more

    Affected Products : calibre
    • EPSS Score: %0.71
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4124

    Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.... Read more

    Affected Products : calibre
    • EPSS Score: %0.61
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4121

    The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, dep... Read more

    Affected Products : ruby
    • EPSS Score: %0.10
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4120

    Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common auth... Read more

    Affected Products : linux_kernel debian_linux pam_module
    • EPSS Score: %1.48
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4119

    caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.... Read more

    Affected Products : caml-light
    • EPSS Score: %0.53
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4117

    The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.... Read more

    Affected Products : batch\
    • EPSS Score: %0.38
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4115

    Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.... Read more

    Affected Products : parallel\
    • EPSS Score: %0.39
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-4095

    Jara 1.6 has an XSS vulnerability... Read more

    Affected Products : jara
    • EPSS Score: %0.83
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4094

    Jara 1.6 has a SQL injection vulnerability.... Read more

    Affected Products : jara
    • EPSS Score: %5.60
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-4090

    Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.... Read more

    Affected Products : serendipity
    • EPSS Score: %2.26
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4088

    ABRT might allow attackers to obtain sensitive information from crash reports.... Read more

    • EPSS Score: %0.74
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4082

    A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.... Read more

    Affected Products : debian_linux phpldapadmin
    • EPSS Score: %0.92
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2011-4076

    OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could al... Read more

    Affected Products : nova
    • EPSS Score: %0.41
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4069

    html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.... Read more

    Affected Products : packetfence
    • EPSS Score: %0.88
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4068

    The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.... Read more

    Affected Products : packetfence
    • EPSS Score: %0.64
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3923

    Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.... Read more

    Affected Products : struts jboss_enterprise_web_server
    • EPSS Score: %90.65
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-3901

    Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.... Read more

    Affected Products : android
    • EPSS Score: %0.28
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3656

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.... Read more

    Affected Products : firefox
    • EPSS Score: %0.27
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291608 Results