Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-0379

    FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.... Read more

    Affected Products : freebsd
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0055

    The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.... Read more

    Affected Products : freebsd
    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-2159

    Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.... Read more

    Affected Products : internet_explorer
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-4789

    resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the i... Read more

    Affected Products : suse_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0382

    Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4783

    kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.... Read more

    Affected Products : netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1056

    The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one... Read more

    Affected Products : linux_kernel enterprise_linux freebsd
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-1952

    The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.... Read more

    Affected Products : xen_para_virtualized_frame_buffer
    • Published: Jun. 23, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-1970

    muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.... Read more

    Affected Products : mucommander
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-7273

    GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.... Read more

    Affected Products : gnome_display_manager
    • Published: Apr. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-1191

    The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : del.icio.us_module
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-4974

    The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory v... Read more

    Affected Products : personal_firewall_ndis_filter
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3898

    Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations ... Read more

    Affected Products : drivecrypt_plus_pack
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3895

    LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated ... Read more

    Affected Products : lilo
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0384

    Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in op... Read more

    Affected Products : tor tor
    • Published: Jan. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-3488

    Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a differe... Read more

    Affected Products : drupal bibliography
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-7207

    RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.... Read more

    Affected Products : rivettracker
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-4506

    Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML ... Read more

    Affected Products : custom_meta
    • Published: Jun. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-4394

    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.... Read more

    Affected Products : suse_linux suse_linux
    • Published: Aug. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-4898

    Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: S... Read more

    Affected Products : xwiki
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293609 Results