Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2000-1127

    registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the per... Read more

    Affected Products : hp-ux
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-0133

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a dif... Read more

    Affected Products : aix
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-1366

    Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.... Read more

    Affected Products : pegasus_mail
    • Published: May. 15, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-3164

    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.... Read more

    Affected Products : opensuse x_server xorg-server
    • Published: Jul. 01, 2015
    • Modified: Aug. 29, 2025

  • 3.6

    LOW
    CVE-2002-2270

    Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-2319

    IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2019-6679

    On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are sy... Read more

    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2005-0894

    OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.... Read more

    Affected Products : openmosixview
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0576

    Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.... Read more

    Affected Products : solaris
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-1710

    The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.... Read more

    Affected Products : basilix_webmail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2582

    Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete lic... Read more

    Affected Products : kaspersky_anti-virus
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2617

    The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application w... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-1156

    StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.... Read more

    Affected Products : staroffice
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2334

    Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.... Read more

    Affected Products : joe
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0288

    The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-2664

    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.... Read more

    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-1351

    Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.... Read more

    Affected Products : iphone_os
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-1257

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2017-1699

    IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.... Read more

    Affected Products : websphere_mq mq
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293360 Results