Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2007-5373

    ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepasswor... Read more

    Affected Products : ldapscripts
    • Published: Oct. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-3875

    The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structur... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3074

    SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.... Read more

    Affected Products : encfs
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2087

    The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation,... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 13, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-2797

    xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.... Read more

    Affected Products : enterprise_linux debian_linux xterm
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-4605

    The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-6385

    The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.... Read more

    Affected Products : winroute_firewall
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-0010

    The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6418

    The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.... Read more

    Affected Products : debian_linux
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-0740

    IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this fil... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-2691

    The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0518

    VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.... Read more

    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-2337

    The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.... Read more

    Affected Products : inlook
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2440

    Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.... Read more

    Affected Products : proxytunnel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2365

    Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2414

    Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obt... Read more

    Affected Products : netware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0547

    GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.... Read more

    Affected Products : gdm kdebase
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0727

    Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.... Read more

    Affected Products : database_server
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0793

    GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).... Read more

    Affected Products : gdm
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1437

    BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293654 Results