Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2009-5061

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UP... Read more

    Affected Products : lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1149

    probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a ... Read more

    Affected Products : udisks
    • Published: Apr. 12, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-0007

    net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restri... Read more

    Affected Products : linux_kernel
    • Published: Jan. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8133

    arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanis... Read more

    Affected Products : linux_kernel
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-2875

    Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /de... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-1539

    Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comm... Read more

    Affected Products : drupal workflow
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2928

    The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.... Read more

    Affected Products : vcenter_server
    • Published: Feb. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1378

    IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-3228

    The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to ob... Read more

    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1834

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.... Read more

    Affected Products : http_server
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2389

    hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.... Read more

    Affected Products : hostapd
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-100039

    mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third pa... Read more

    Affected Products : malwarebytes_anti-exploit
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4218

    The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.... Read more

    Affected Products : wimax_network_service
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0876

    Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to c... Read more

    • Published: Aug. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1445

    The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1279

    Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.... Read more

    Affected Products : tvos apple_tv
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3160

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.... Read more

    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4216

    The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permission... Read more

    Affected Products : wimax_network_service
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4217

    The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleart... Read more

    Affected Products : wimax_network_service
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293609 Results