Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2019-2961

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : solaris solaris
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2000-0880

    LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdproces... Read more

    Affected Products : lpplus
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2270

    Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1322

    xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.... Read more

    Affected Products : xinetd
    • Published: Jul. 10, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1258

    Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.... Read more

    Affected Products : imp
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-1127

    registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the per... Read more

    Affected Products : hp-ux
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1395

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-1366

    Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.... Read more

    Affected Products : pegasus_mail
    • Published: May. 15, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-2451

    The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it ... Read more

    Affected Products : config-inifiles
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4426

    pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.... Read more

    Affected Products : pyxtrlock
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-1122

    bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privil... Read more

    Affected Products : mantisbt
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-2391

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-6150

    The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access... Read more

    Affected Products : ubuntu_linux samba
    • Published: Dec. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-0914

    The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted appli... Read more

    Affected Products : linux_kernel
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-2692

    MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary atta... Read more

    Affected Products : mantisbt
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4745

    ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.... Read more

    Affected Products : pocketexpense_pro
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2617

    The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application w... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2582

    Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete lic... Read more

    Affected Products : kaspersky_anti-virus
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3589

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the S... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293612 Results