Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2010-2192

    The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.... Read more

    Affected Products : pmount
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-0769

    IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a c... Read more

    Affected Products : websphere_application_server
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2803

    The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potent... Read more

    • Published: Sep. 08, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0120

    Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.... Read more

    Affected Products : web_vulnerability_scanner
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2006-6698

    The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time,... Read more

    Affected Products : gconf
    • Published: Dec. 22, 2006
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-0004

    The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the ser... Read more

    Affected Products : enterprise_linux
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-6547

    The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1958

    The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restri... Read more

    Affected Products : linux_kernel
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2634

    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2006-1810

    Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Locati... Read more

    Affected Products : flexbb
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2012-3734

    Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.... Read more

    Affected Products : iphone_os
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-4535

    Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."... Read more

    Affected Products : xen
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6549

    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3729

    The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that ... Read more

    Affected Products : iphone_os
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-1295

    Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecif... Read more

    Affected Products : ubuntu apport
    • Published: Apr. 30, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2015-1145

    The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-1917

    Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not p... Read more

    Affected Products : xen
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3597

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-1160

    GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being e... Read more

    Affected Products : nano
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3876

    net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to ... Read more

    • Published: Jan. 03, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294466 Results