Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2024-42193

    HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability ... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2008-6756

    ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.... Read more

    Affected Products : zoneminder linux
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2003-0476

    The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5915

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up... Read more

    Affected Products : chrome
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-1030

    mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : mac_os_x
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2918

    The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of ... Read more

    Affected Products : thegreenbow_vpn_client
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0682

    vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of ... Read more

    Affected Products : internet_security_suite
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-4145

    nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to ... Read more

    Affected Products : networkmanager
    • Published: Dec. 23, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0489

    The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.... Read more

    Affected Products : wicd
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-2851

    smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.... Read more

    Affected Products : smb4k
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-2899

    The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.... Read more

    Affected Products : hyperic_hq
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-0754

    PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to o... Read more

    Affected Products : php apache
    • Published: Mar. 03, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1679

    The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physi... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-2796

    The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.... Read more

    Affected Products : iphone_os
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-2910

    arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 proces... Read more

    • Published: Oct. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-4870

    dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.... Read more

    Affected Products : enterprise_linux dovecot
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-8133

    arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanis... Read more

    Affected Products : linux_kernel
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-0503

    IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.... Read more

    Affected Products : websphere_message_broker
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-6191

    Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.... Read more

    Affected Products : swimage_encore
    • Published: Feb. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-5912

    An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a ... Read more

    Affected Products : internet_explorer
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294848 Results