Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-4352

    The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then ... Read more

    Affected Products : linux_kernel netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3669

    Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.... Read more

    Affected Products : mercury_messenger
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3476

    Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.... Read more

    Affected Products : openvms
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1356

    Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.... Read more

    Affected Products : solaris sunos
    • Published: Apr. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4380

    MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.... Read more

    Affected Products : mysql
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1785

    Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear... Read more

    Affected Products : document_server
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1346

    The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.... Read more

    Affected Products : solaris
    • Published: Jun. 19, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1844

    The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.... Read more

    Affected Products : shadow base-config
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3842

    Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).... Read more

    Affected Products : sunos solaris
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5658

    rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log ... Read more

    Affected Products : openshift openshift_origin
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-0257

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files i... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-3790

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Privileged Account.... Read more

    Affected Products : database_server
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-0193

    msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").... Read more

    Affected Products : catdoc
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-5297

    WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic c... Read more

    Affected Products : wordpress
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1007

    Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended worksta... Read more

    Affected Products : rt request_tracker
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0180

    Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-0084

    The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended r... Read more

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6494

    fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).... Read more

    Affected Products : fedora fedup
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0348

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : fedora opensuse thttpd linux sthttpd
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1810

    Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_b... Read more

    Affected Products : mantisbt
    • Published: May. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293280 Results