Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-28195

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.... Read more

    Affected Products : macos
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-22808

    An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 be... Read more

    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 3.3

    LOW
    CVE-2017-3301

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Sol... Read more

    Affected Products : solaris
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2023-25815

    In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `ge... Read more

    Affected Products : fedora git_for_windows
    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-2005

    IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007... Read more

    Affected Products : bigfix_platform
    • Published: May. 20, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2003-1366

    chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2018-4322

    This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40442

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-4193

    Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.... Read more

    Affected Products : merkaartor
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2009-5079

    The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.... Read more

    Affected Products : groff
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-5828

    Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been all... Read more

    Affected Products : endpoint_protection_manager
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-3614

    liboping 1.3.2 allows users reading arbitrary files upon the local system.... Read more

    Affected Products : debian_linux liboping
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-4664

    Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.... Read more

    Affected Products : linux_kernel firewall_builder
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-5007

    The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.... Read more

    Affected Products : anyconnect_ssl_vpn
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-3474

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Sola... Read more

    Affected Products : solaris solaris
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-17807

    The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2018-6556

    lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be us... Read more

    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-5081

    Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.... Read more

    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-17864

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-5387

    The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affect... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294522 Results