Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-4824

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1956

    The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions vi... Read more

    Affected Products : linux_kernel
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6986

    The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements.... Read more

    Affected Products : subway_ordering_for_california
    • Published: Dec. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2031

    smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.... Read more

    Affected Products : opensolaris
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4208

    The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.... Read more

    Affected Products : putty putty
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-6921

    Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6953

    The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.... Read more

    Affected Products : mobility_manager
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6127

    Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 27, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6126

    Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Nov. 27, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-4183

    The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : cinder
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5956

    XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : phprunner
    • Published: Nov. 17, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0422

    DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.... Read more

    Affected Products : codebank
    • Published: Apr. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-5870

    The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-1224

    Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1289

    The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies addit... Read more

    Affected Products : freebsd netbsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0387

    remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : remstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0584

    IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.... Read more

    Affected Products : mdaemon
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0312

    WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a for... Read more

    Affected Products : war_ftp_daemon
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293609 Results