Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2020-1862

    There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product ... Read more

    Affected Products : manageone campusinsight
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-1681

    vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of... Read more

    Affected Products : open-vm-tools
    • Published: Apr. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-46051

    TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.... Read more

    Affected Products :
    • Published: Mar. 27, 2024
    • Modified: Nov. 29, 2024

  • 3.3

    LOW
    CVE-2012-2394

    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP ... Read more

    Affected Products : wireshark
    • Published: Jun. 30, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-21108

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.3

    LOW
    CVE-2011-1679

    ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of th... Read more

    Affected Products : ncpfs
    • Published: Apr. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2011-1585

    The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by... Read more

    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-15859

    QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.... Read more

    Affected Products : debian_linux qemu
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-17055

    base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.... Read more

    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-1183

    Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.... Read more

    Affected Products : solaris
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-2056

    Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.... Read more

    Affected Products : ios_xr
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2011-0702

    The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.... Read more

    Affected Products : feh feh
    • Published: Feb. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-16126

    An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages ... Read more

    Affected Products : accountsservice
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-8730

    The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.... Read more

    Affected Products : macos mac_os_x
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-1144

    The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnera... Read more

    Affected Products : pear
    • Published: Mar. 03, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-18196

    Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper ... Read more

    Affected Products : leptonica
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-9908

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the ho... Read more

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2019-11485

    Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.... Read more

    Affected Products : ubuntu_linux apport apport
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-9085

    Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : fedora libwebp
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2011-0541

    fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.... Read more

    Affected Products : fuse
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293284 Results