Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2009-4269

    The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for... Read more

    Affected Products : derby
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3499

    The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Aug. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-2040

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated use... Read more

    Affected Products : media_file_renamer
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5240

    Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5247

    The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API ... Read more

    Affected Products : ganeti ganeti
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5270

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the abil... Read more

    Affected Products : debian_linux libgcrypt
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-3813

    A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.... Read more

    Affected Products : enterprise_linux
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-3533

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.... Read more

    Affected Products : debian_linux dbus opensuse mageia
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4039

    ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/... Read more

    • Published: Jun. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-1319

    The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.... Read more

    Affected Products : linux_kernel linux secure_linux
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-1943

    Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.... Read more

    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-5351

    The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3602

    Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.... Read more

    Affected Products : openshift openshift
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5398

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XM... Read more

    Affected Products : wonderware_information_server
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-4529

    Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockop... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-2234

    The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by read... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5447

    Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0... Read more

    Affected Products : zarafa webapp
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5449

    Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.... Read more

    Affected Products : webapp webaccess
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1108

    The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.... Read more

    Affected Products : iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1319

    The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen i... Read more

    Affected Products : ubuntu_linux
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293656 Results