Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2011-3352

    Zikula 1.3.0 build #3168 and probably prior has an XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbi...

    Affected Products : zikula
    • EPSS Score: 0.30%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2011-3351

    openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating an OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary file...

    Affected Products : openvas-scanner
    • EPSS Score: 0.15%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3350

    masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.

    Affected Products : masqmail
    • EPSS Score: 0.39%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2011-3349

    lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user-controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

    Affected Products : lightdm
    • EPSS Score: 0.11%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2011-3336

    regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

    Affected Products : macos freebsd mac_os_x php openbsd
    • EPSS Score: 23.65%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3269

    Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

    • EPSS Score: 0.32%
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3203

    A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

    Affected Products : jcow_cms
    • EPSS Score: 0.41%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3202

    A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

    Affected Products : jcow_cms
    • EPSS Score: 0.23%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3183

    A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.

    Affected Products : concrete_cms
    • EPSS Score: 0.24%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3178

    In the web UI of the openbuildservice before 2.3.0, a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

    • EPSS Score: 0.33%
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-3172

    A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

    Affected Products : suse_linux_enterprise_server
    • EPSS Score: 0.23%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2011-3151

    The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections, then an attacker can cause a zero-byte file to be allocated on any writable filesystem.

    Affected Products : selinux
    • EPSS Score: 0.16%
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2011-3147

    Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

    Affected Products : nova
    • EPSS Score: 0.18%
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3145

    When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.

    Affected Products : mount.ecrpytfs_private
    • EPSS Score: 0.23%
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-2936

    Elgg through 1.7.10 has a SQL injection vulnerability...

    Affected Products : elgg
    • EPSS Score: 0.32%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-2935

    Elgg through 1.7.10 has XSS...

    Affected Products : elgg
    • EPSS Score: 0.31%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-2934

    A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.

    Affected Products : websitebaker
    • EPSS Score: 0.14%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2011-2933

    An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.

    Affected Products : websitebaker
    • EPSS Score: 0.45%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2011-2924

    foomatic-rip filter v4.0.12 and prior insecurely created temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting ar...

    Affected Products : fedora debian_linux foomatic-filters
    • EPSS Score: 0.13%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2011-2923

    foomatic-rip filter, all versions, insecurely created temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbit...

    Affected Products : debian_linux foomatic-filters
    • EPSS Score: 0.19%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024