Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2024-54014

    Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application i... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 3.6

    LOW
    CVE-2013-0254

    The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or... Read more

    Affected Products : qt qt
    • Published: Feb. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-7206

    The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-8527

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-7311

    libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.... Read more

    Affected Products : xen
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-5638

    The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.... Read more

    Affected Products : sanlock
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-3511

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Accou... Read more

    Affected Products : database_server
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-2391

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3453

    logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.... Read more

    Affected Products : logol
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-4518

    ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.... Read more

    Affected Products : ibacm
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3454

    eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.... Read more

    Affected Products : extplorer
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2020-29374

    An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore ... Read more

    • Published: Nov. 28, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2013-0164

    The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.... Read more

    Affected Products : openshift openshift_origin
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3504

    The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.... Read more

    Affected Products : crypto-utils
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-6150

    The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access... Read more

    Affected Products : ubuntu_linux samba
    • Published: Dec. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2008-0666

    Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.... Read more

    Affected Products : website_meta_language
    • Published: Feb. 11, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2013-4157

    Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.... Read more

    Affected Products : storage_server
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-5364

    Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configura... Read more

    Affected Products : enterprise_linux csi_agent
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293414 Results