Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-1859

    Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3295

    Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."... Read more

    Affected Products : hp-ux
    • Published: Oct. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4344

    Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.... Read more

    Affected Products : coldfusion
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2563

    The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.... Read more

    Affected Products : php
    • Published: May. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2487

    Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.... Read more

    • Published: Aug. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2451

    Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.... Read more

    Affected Products : ios ios_xr
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0432

    Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly pro... Read more

    Affected Products : weblogic_server
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2509

    Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0822

    Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.... Read more

    Affected Products : metaframe_password_manager
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0072

    zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.... Read more

    Affected Products : zhcon
    • Published: Jan. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1453

    GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the prog... Read more

    Affected Products : glibc
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2196

    The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.... Read more

    Affected Products : airport_card
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3088

    fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.... Read more

    Affected Products : fetchmail
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0977

    The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0996

    main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : debian_linux unixware linux cscope
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-3379

    Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.... Read more

    Affected Products : enterprise_linux linux
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6131

    buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.... Read more

    Affected Products : fedora_core
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3724

    The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processe... Read more

    Affected Products : windows_xp
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3337

    wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.... Read more

    Affected Products : database_server
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-1589

    TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.... Read more

    Affected Products : linux_kernel truecrypt
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293329 Results