Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2015-3631

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.... Read more

    Affected Products : docker moby
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2006-4506

    idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.... Read more

    Affected Products : identity_manager identity_manager
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3589

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the S... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-4640

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" c... Read more

    Affected Products : jhead jhead
    • Published: Oct. 21, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-1991

    Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was... Read more

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2010-1439

    yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network pro... Read more

    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-3028

    The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.... Read more

    Affected Products : joomla aardvertiser
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-4406

    The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-38531

    Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible... Read more

    Affected Products : nix nix
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-0870

    Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.... Read more

    Affected Products : database_server
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-4819

    The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sa... Read more

    Affected Products : x_server x.org-xserver
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2020-13837

    An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).... Read more

    Affected Products : android
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2002-1710

    The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.... Read more

    Affected Products : basilix_webmail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2995

    bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.... Read more

    Affected Products : bacula
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-3070

    HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.... Read more

    Affected Products : hylafax
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0536

    Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng paramete... Read more

    Affected Products : phpsysinfo
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2019-1348

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it ... Read more

    Affected Products : leap git
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-4226

    MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permiss... Read more

    Affected Products : mysql mysql
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-0177

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.... Read more

    Affected Products : hub hub
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2020-35501

    A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results