Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2002-1319

    The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.... Read more

    Affected Products : linux_kernel linux secure_linux
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0394

    A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1983

    The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.... Read more

    Affected Products : linux pax_linux
    • Published: May. 02, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2284

    The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspe... Read more

    • Published: Oct. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1945

    QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, ... Read more

    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-3873

    The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel ... Read more

    Affected Products : freebsd
    • Published: Jun. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-2343

    Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.... Read more

    Affected Products : scada_data_gateway
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-2928

    The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.... Read more

    Affected Products : vcenter_server
    • Published: Feb. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2038

    The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-4269

    The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for... Read more

    Affected Products : derby
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2040

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated use... Read more

    Affected Products : media_file_renamer
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1933

    The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by... Read more

    Affected Products : pillow python_imaging_library
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-3160

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.... Read more

    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1943

    Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.... Read more

    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0790

    sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.... Read more

    Affected Products : ncpfs
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-1969

    Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-4080

    The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IO... Read more

    • Published: Nov. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4431

    Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4455

    dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.... Read more

    Affected Products : iphone_os tvos
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-0012

    The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.... Read more

    Affected Products : bugzilla
    • Published: Jan. 17, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293544 Results