Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2011-4406

    The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2020-13837

    An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).... Read more

    Affected Products : android
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2013-0914

    The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted appli... Read more

    Affected Products : linux_kernel
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-2391

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-1989

    telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-6150

    The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access... Read more

    Affected Products : ubuntu_linux samba
    • Published: Dec. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2007-1537

    \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the N... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2023-45145

    Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, du... Read more

    Affected Products : fedora debian_linux redis
    • Published: Oct. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2007-0007

    gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.... Read more

    Affected Products : gnucash
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-4625

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.... Read more

    Affected Products : php
    • Published: Sep. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1396

    Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0246

    The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-4460

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-3586

    Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0808

    as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.... Read more

    Affected Products : as31
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0109

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-1875

    The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : capture-tiny
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2011-4606

    Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.... Read more

    Affected Products : rocks\'n\'diamonds
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0545

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vector... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results