Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-6341

    oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.... Read more

    Affected Products : ovirt-engine ovirt
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-20671

    load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.... Read more

    Affected Products : binutils
    • Published: Jan. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20673

    The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow... Read more

    Affected Products : binutils
    • Published: Jan. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20651

    A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially cr... Read more

    Affected Products : binutils
    • Published: Jan. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53151

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the fo... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025

  • 5.5

    MEDIUM
    CVE-2016-5505

    Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-5468

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability th... Read more

    Affected Products : siebel_ui_framework siebel_crm
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-5329

    VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.... Read more

    Affected Products : mac_os_x fusion
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-5328

    VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.... Read more

    Affected Products : tools mac_os_x
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-20592

    In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.... Read more

    Affected Products : fedora mini-xml
    • Published: Dec. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53117

    In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 02, 2024
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-53101

    In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2016-4961

    For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.... Read more

    • Published: Nov. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-20538

    There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.... Read more

    Affected Products : netwide_assembler nasm
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53090

    In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref o... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53086

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. (cherry picked from commit 7d1a4258e... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2018-20510

    The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53067

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence, only start the RTC update work after runtime power management i... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Mar. 07, 2025

  • 5.5

    MEDIUM
    CVE-2018-20458

    In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.... Read more

    Affected Products : radare2
    • Published: Dec. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20459

    In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass... Read more

    Affected Products : radare2
    • Published: Dec. 25, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292851 Results