Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-1142

    LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1678

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR p... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1676

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR p... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-5056

    The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records i... Read more

    Affected Products : maradns
    • Published: Jan. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1005

    IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : scada_web_server
    • Published: Oct. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2234

    The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by read... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1109

    NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.... Read more

    Affected Products : iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-3430

    The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg sy... Read more

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1738

    The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kern... Read more

    • Published: May. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1360

    Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1319

    The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen i... Read more

    Affected Products : ubuntu_linux
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2548

    The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive informatio... Read more

    Affected Products : linux_kernel enterprise_mrg
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-9568

    puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.... Read more

    Affected Products : rabbitmq
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1345

    The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.... Read more

    Affected Products : opensuse grep
    • Published: Feb. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1087

    Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.... Read more

    Affected Products : iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8526

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1415

    The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the fil... Read more

    Affected Products : freebsd
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3889

    Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowd... Read more

    Affected Products : linux_kernel postfix
    • Published: Sep. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-1599

    The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.... Read more

    Affected Products : spcanywhere
    • Published: Mar. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8834

    UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293650 Results