Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-1087

    Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.... Read more

    Affected Products : iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-1265

    The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 16, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1410

    The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a de... Read more

    Affected Products : postgresql secure_linux
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-3320

    Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.... Read more

    Affected Products : usb_enhanced_performance_keyboard
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-4571

    The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory con... Read more

    Affected Products : linux_kernel
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0958

    Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-5832

    The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0372

    xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.... Read more

    Affected Products : xine
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1438

    The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.... Read more

    Affected Products : subversion
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-3494

    The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bit... Read more

    Affected Products : xen xenserver
    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5892

    Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0233

    Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.... Read more

    Affected Products : propack slackware_linux utempter
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2016-0592

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.... Read more

    Affected Products : debian_linux vm_virtualbox
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-3669

    Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.... Read more

    Affected Products : mercury_messenger
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3457

    Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow... Read more

    • Published: Aug. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1349

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.... Read more

    Affected Products : solaris solaris gzip
    • Published: Oct. 04, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4352

    The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then ... Read more

    Affected Products : linux_kernel netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1234

    load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1808

    Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : metamail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1356

    Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.... Read more

    Affected Products : solaris sunos
    • Published: Apr. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293425 Results