Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2011-3147

    Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.... Read more

    Affected Products : nova
    • EPSS Score: %0.18
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3145

    When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.... Read more

    Affected Products : mount.ecrpytfs_private
    • EPSS Score: %0.23
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-2936

    Elgg through 1.7.10 has a SQL injection vulnerability... Read more

    Affected Products : elgg
    • EPSS Score: %0.32
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-2935

    Elgg through 1.7.10 has XSS... Read more

    Affected Products : elgg
    • EPSS Score: %0.31
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-2934

    A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.14
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2011-2933

    An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.45
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-2924

    foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting ar... Read more

    Affected Products : fedora debian_linux foomatic-filters
    • EPSS Score: %0.13
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-2923

    foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbit... Read more

    Affected Products : debian_linux foomatic-filters
    • EPSS Score: %0.19
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2011-2922

    ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.... Read more

    Affected Products : ktsuss
    • EPSS Score: %0.15
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2921

    ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.... Read more

    Affected Products : ktsuss
    • EPSS Score: %71.59
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-2916

    qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.... Read more

    Affected Products : qtnx
    • EPSS Score: %0.06
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2011-2910

    The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow pos... Read more

    Affected Products : debian_linux ax25-tools
    • EPSS Score: %0.13
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2011-2902

    zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.... Read more

    Affected Products : debian_linux xpdf
    • EPSS Score: %0.59
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-2897

    gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw... Read more

    • EPSS Score: %0.98
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-2863

    Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.19
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-2808

    A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.... Read more

    Affected Products : chrome blink
    • EPSS Score: %0.42
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-2807

    Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.... Read more

    Affected Products : chrome blink
    • EPSS Score: %0.17
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2767

    mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HT... Read more

    • EPSS Score: %4.88
    • Published: Aug. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-2765

    pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.... Read more

    Affected Products : pyro
    • EPSS Score: %0.43
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-2726

    An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in co... Read more

    • EPSS Score: %0.50
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results