Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-0979

    The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NUL... Read more

    Affected Products : opensuse lightdm_gtk\+_greeter
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0034

    The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local ... Read more

    • Published: Feb. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-5040

    Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey,... Read more

    Affected Products : ghost_security_suite
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-2714

    Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonst... Read more

    Affected Products : android firefox
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-0727

    Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.... Read more

    Affected Products : database_server
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1116

    The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.... Read more

    Affected Products : iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1677

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR p... Read more

    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0257

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files i... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1647

    Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability."... Read more

    Affected Products : windows_8.1 windows_server_2012
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2381

    win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Informatio... Read more

    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-0334

    BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.... Read more

    Affected Products : bitchx
    • Published: May. 10, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-2433

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a... Read more

    • Published: Aug. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-2039

    /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.... Read more

    Affected Products : rtos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1983

    The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.... Read more

    Affected Products : rtos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0531

    Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.... Read more

    Affected Products : linux openlinux openlinux_eserver
    • Published: Nov. 23, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2136

    dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 19, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1122

    ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.... Read more

    Affected Products : scriptlogic
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1740

    Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).... Read more

    Affected Products : mdaemon worldclient
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1125

    FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.... Read more

    Affected Products : freebsd
    • Published: Sep. 24, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0368

    Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.... Read more

    Affected Products : ios
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 294299 Results