Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-5364

    Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configura... Read more

    Affected Products : enterprise_linux csi_agent
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-0914

    The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted appli... Read more

    Affected Products : linux_kernel
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4956

    Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2017-10088

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the in... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2006-5163

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.... Read more

    Affected Products : informix_dynamic_server
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2002-1509

    A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.... Read more

    Affected Products : linux
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-8527

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2002-0044

    GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.... Read more

    Affected Products : debian_linux linux enscript
    • Published: Jan. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2021-34428

    For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2019-4349

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486... Read more

    Affected Products : maximo_anywhere
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2011-4339

    ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to k... Read more

    Affected Products : enterprise_linux ipmitool
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-8737

    Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or fu... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4231

    The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.... Read more

    Affected Products : nx-os nexus_7000 nexus_7700
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2000-0880

    LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdproces... Read more

    Affected Products : lpplus
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-1300

    Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.... Read more

    Affected Products : unicos
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1395

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-1127

    registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the per... Read more

    Affected Products : hp-ux
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0885

    Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.... Read more

    Affected Products : alibaba
    • Published: Nov. 03, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 293614 Results