Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-3782

    Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3476

    Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.... Read more

    Affected Products : openvms
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3021

    image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.... Read more

    Affected Products : vbulletin
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-4870

    dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.... Read more

    Affected Products : enterprise_linux dovecot
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1435

    NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : officescan
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0013

    dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-3074

    SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.... Read more

    Affected Products : encfs
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-6385

    The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.... Read more

    Affected Products : winroute_firewall
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-4605

    The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-3719

    The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Sup... Read more

    Affected Products : linux_kernel
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6680

    Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.... Read more

    Affected Products : aix
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1860

    lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-3789

    Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.... Read more

    Affected Products : samba
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-0456

    The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-3875

    The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structur... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-0518

    VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.... Read more

    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-5790

    The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.... Read more

    Affected Products : globe7
    • Published: Nov. 01, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6340

    Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.... Read more

    Affected Products : lsrunase supercrypt
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1608

    The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.... Read more

    Affected Products : php
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-6744

    Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified ... Read more

    Affected Products : installshield
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293613 Results