Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2003-0476

    The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1149

    probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a ... Read more

    Affected Products : udisks
    • Published: Apr. 12, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2796

    The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.... Read more

    Affected Products : iphone_os
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-8133

    arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanis... Read more

    Affected Products : linux_kernel
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-0223

    Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext d... Read more

    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-2875

    Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /de... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-1539

    Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comm... Read more

    Affected Products : drupal workflow
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2918

    The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of ... Read more

    Affected Products : thegreenbow_vpn_client
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0518

    VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.... Read more

    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1756

    SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.... Read more

    Affected Products : slim_simple_login_manager
    • Published: May. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6696

    Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1... Read more

    Affected Products : webcalendar
    • Published: Feb. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6744

    Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified ... Read more

    Affected Products : installshield
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3875

    The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structur... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8991

    pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.... Read more

    Affected Products : solaris pip
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1426

    Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.... Read more

    Affected Products : facter facter
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-1162

    The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-6680

    Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.... Read more

    Affected Products : aix
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-0663

    Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.... Read more

    • Published: Feb. 08, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3379

    Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.... Read more

    Affected Products : enterprise_linux linux
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-1505

    Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.... Read more

    • Published: Mar. 19, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results