Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2011-3582

    A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.... Read more

    Affected Products : advanced_electron_forums
    • EPSS Score: %0.14
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-3477

    GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via un... Read more

    • EPSS Score: %0.06
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3374

    It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.... Read more

    Affected Products : debian_linux advanced_package_tool
    • EPSS Score: %1.51
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3373

    Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specia... Read more

    Affected Products : views_builk_operations
    • EPSS Score: %0.59
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3370

    statusnet before 0.9.9 has XSS... Read more

    Affected Products : statusnet
    • EPSS Score: %0.31
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2011-3355

    evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credent... Read more

    Affected Products : linux_kernel evolution-data-server3
    • EPSS Score: %0.21
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2011-3352

    Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbi... Read more

    Affected Products : zikula
    • EPSS Score: %0.30
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2011-3351

    openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary file... Read more

    Affected Products : openvas-scanner
    • EPSS Score: %0.15
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3350

    masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.... Read more

    Affected Products : masqmail
    • EPSS Score: %0.39
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2011-3349

    lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.... Read more

    Affected Products : lightdm
    • EPSS Score: %0.11
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2011-3336

    regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.... Read more

    Affected Products : macos freebsd mac_os_x php openbsd
    • EPSS Score: %23.65
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-3269

    Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.... Read more

    • EPSS Score: %0.32
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3203

    A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.... Read more

    Affected Products : jcow_cms
    • EPSS Score: %0.41
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3202

    A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.... Read more

    Affected Products : jcow_cms
    • EPSS Score: %0.23
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3183

    A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.... Read more

    Affected Products : concrete_cms
    • EPSS Score: %0.24
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-3178

    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.... Read more

    • EPSS Score: %0.33
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3172

    A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.... Read more

    Affected Products : suse_linux_enterprise_server
    • EPSS Score: %0.23
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2011-3151

    The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.... Read more

    Affected Products : selinux
    • EPSS Score: %0.16
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2011-3147

    Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.... Read more

    Affected Products : nova
    • EPSS Score: %0.18
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3145

    When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.... Read more

    Affected Products : mount.ecrpytfs_private
    • EPSS Score: %0.23
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291625 Results