Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-9585

    The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end o... Read more

    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-0547

    client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a craft... Read more

    Affected Products : samba
    • Published: Feb. 04, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-4605

    The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-6340

    Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.... Read more

    Affected Products : lsrunase supercrypt
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6744

    Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified ... Read more

    Affected Products : installshield
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-0740

    IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this fil... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0119

    Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."... Read more

    Affected Products : freebsd bournal
    • Published: Feb. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2016-0605

    Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.... Read more

    Affected Products : enterprise_linux leap mysql opensuse
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-0456

    The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3815

    heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.... Read more

    Affected Products : heartbeat
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-0710

    The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.... Read more

    Affected Products : mac_os_x ichat
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0636

    Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."... Read more

    Affected Products : incron
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6921

    Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6953

    The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.... Read more

    Affected Products : mobility_manager
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6182

    The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : gnotebook
    • Published: Dec. 01, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6145

    CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknow... Read more

    Affected Products : crypto-server
    • Published: Nov. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-1322

    QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.... Read more

    Affected Products : debian_linux qemu
    • Published: May. 02, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-0085

    JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source ... Read more

    Affected Products : jboss_fuse jboss_a-mq
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8536

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8607

    The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.... Read more

    Affected Products : xcloner
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292849 Results