Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2020-29562

    The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service....

    • Published: Dec. 04, 2020
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2020-27618

    The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infini...

    • Published: Feb. 26, 2021
    • Modified: Jun. 09, 2025
  • 6.7

    MEDIUM
    CVE-2020-13776

    systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of a...

    • Published: Jun. 03, 2020
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2019-5747

    An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. ...

    Affected Products : ubuntu_linux busybox
    • Published: Jan. 09, 2019
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2019-25013

    The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read....

    • Published: Jan. 04, 2021
    • Modified: Jun. 09, 2025
  • 5.1

    MEDIUM
    CVE-2019-20386

    An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur....

    • Published: Jan. 21, 2020
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2019-18276

    An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does s...

    • Published: Nov. 28, 2019
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2019-12900

    BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors....

    • Published: Jun. 19, 2019
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-6954

    systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later r...

    Affected Products : ubuntu_linux leap systemd systemd
    • Published: Feb. 13, 2018
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2018-20679

    An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is r...

    • Published: Jan. 09, 2019
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2018-15688

    A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239....

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15687

    A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239....

    Affected Products : ubuntu_linux systemd
    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15686

    A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected r...

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2018-1000517

    BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. ...

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 8.1

    HIGH
    CVE-2018-1000500

    Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using "busybox wget https://compromi...

    Affected Products : busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2018-1000168

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network clie...

    Affected Products : debian_linux node.js nghttp2
    • Published: May. 08, 2018
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2017-18018

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race co...

    Affected Products : coreutils
    • Published: Jan. 04, 2018
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2017-16544

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. T...

    • Published: Nov. 20, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15874

    archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation....

    Affected Products : busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15873

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation....

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
Showing 20 of 293343 Results