Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2015-1197

    cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.... Read more

    Affected Products : cpio
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2009-5117

    The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.... Read more

    Affected Products : host_data_loss_prevention
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4078

    The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FB... Read more

    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4074

    The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, a... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-0473

    The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.... Read more

    Affected Products : smb4k
    • Published: Feb. 03, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4075

    The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0527

    The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the sc... Read more

    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2007-1865

    The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a... Read more

    Affected Products : enterprise_linux
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-0120

    Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.... Read more

    Affected Products : web_vulnerability_scanner
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-2329

    Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2005-1488

    Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.ht... Read more

    Affected Products : web_mail mail_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2013-1917

    Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not p... Read more

    Affected Products : xen
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0742

    IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.... Read more

    Affected Products : tivoli_event_pump
    • Published: Apr. 09, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-3432

    Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events... Read more

    Affected Products : solaris opensolaris
    • Published: Sep. 28, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-0218

    Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a ... Read more

    Affected Products : xen
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1078

    The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO optio... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0700

    The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.... Read more

    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6545

    The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2002-2283

    Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2008-3876

    Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a ... Read more

    Affected Products : iphone
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294759 Results