Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-1680

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR p... Read more

    • EPSS Score: %3.16
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3099

    usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of se... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.23
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-4571

    The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory con... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.13
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-7824

    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnera... Read more

    Affected Products : ubuntu_linux debian_linux dbus mageia
    • EPSS Score: %0.10
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-2527

    The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.... Read more

    Affected Products : qemu
    • EPSS Score: %0.09
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1294

    Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: May. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4833

    fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.... Read more

    Affected Products : aix vios
    • EPSS Score: %0.05
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1273

    Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.... Read more

    Affected Products : winamp
    • EPSS Score: %0.23
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5530

    The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.... Read more

    Affected Products : performance_co-pilot
    • EPSS Score: %0.14
    • Published: Nov. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2585

    Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.36
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-2607

    A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loo... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0381

    Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.... Read more

    Affected Products : noweb
    • EPSS Score: %0.11
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0535

    The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sour... Read more

    • EPSS Score: %0.09
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0959

    rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.... Read more

    Affected Products : php
    • EPSS Score: %5.20
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-1186

    Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.... Read more

    • EPSS Score: %0.09
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6206

    The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow... Read more

    • EPSS Score: %0.08
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6207

    Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2003-0207

    ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.... Read more

    Affected Products : gs-common
    • EPSS Score: %0.11
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-1631

    The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by readi... Read more

    Affected Products : evolution
    • EPSS Score: %0.10
    • Published: May. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6389

    The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.... Read more

    Affected Products : screensaver
    • EPSS Score: %0.07
    • Published: Dec. 17, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291384 Results