Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2012-0300

    Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors.... Read more

    Affected Products : message_filter
    • Published: Jul. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-2602

    A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.... Read more

    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-0124

    NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a lim... Read more

    Affected Products : cuda_toolkit
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 3.3

    LOW
    CVE-2017-17807

    The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-17292

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C0... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-17294

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C0... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-3316

    The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a ... Read more

    Affected Products : linux-pam
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2015-3787

    The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-2877

    Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAI... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-4481

    Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file du... Read more

    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-2263

    Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive inf... Read more

    Affected Products : cloudera_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2023-3436

    Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. ... Read more

    Affected Products : xpdf
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4455

    The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.... Read more

    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2020-5829

    Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been all... Read more

    Affected Products : endpoint_protection_manager
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-0789

    fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.... Read more

    Affected Products : fuse
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-37703

    In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking t... Read more

    Affected Products : amanda
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-2961

    A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.... Read more

    Affected Products : advancecomp
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 3.3

    LOW
    CVE-2014-9680

    sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstra... Read more

    Affected Products : sudo
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-4670

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-5525

    Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.... Read more

    Affected Products : solaris_cluster
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293606 Results