Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-4151

    The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk.... Read more

    Affected Products : desktop
    • Published: Dec. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4788

    resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."... Read more

    Affected Products : suse_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1355

    Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.... Read more

    Affected Products : solaris sunos
    • Published: Apr. 26, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8733

    Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.... Read more

    Affected Products : cloudera_manager
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0923

    The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renam... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-2327

    Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1387

    The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-7128

    Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this... Read more

    Affected Products : steamos
    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0227

    Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.... Read more

    Affected Products : drupal search_api_sorts
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2612

    Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.... Read more

    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2201

    The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.... Read more

    Affected Products : xsan
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-1999-1446

    Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the us... Read more

    Affected Products : internet_explorer
    • Published: Aug. 05, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5429

    The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it ... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2297

    Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creati... Read more

    Affected Products : drupal creativecommons
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1951

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by levera... Read more

    Affected Products : maximo_asset_management
    • Published: Jul. 01, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-1999-1214

    The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to ... Read more

    Affected Products : freebsd netbsd openbsd bsd irix
    • Published: Sep. 15, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3159

    pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns th... Read more

    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-4949

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 pla... Read more

    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1822

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or re... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-5483

    p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.... Read more

    Affected Products : freebsd
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 293280 Results