Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2005-0288

    The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2013-4270

    The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2015-3202

    fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debug... Read more

    Affected Products : debian_linux fuse
    • Published: Jul. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2005-4803

    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. ... Read more

    Affected Products : graphviz
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0246

    The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-1172

    DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Po... Read more

    Affected Products : dbus-glib
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2009-1189

    The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an inc... Read more

    Affected Products : dbus
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-0834

    The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass cert... Read more

    • Published: Mar. 06, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2001-1396

    Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-4155

    GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : parallel
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2002-1673

    The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such ... Read more

    Affected Products : webmin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-1692

    Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.... Read more

    Affected Products : windows_95
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2837

    The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.... Read more

    Affected Products : debian_linux fireflier
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2007-6208

    sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.... Read more

    Affected Products : claws_mail_tools
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-3410

    Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2019-10988

    In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in... Read more

    Affected Products : hdi_4000_firmware hdi_4000
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-3576

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.... Read more

    Affected Products : solaris opensolaris
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2009-3257

    vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.... Read more

    Affected Products : vtiger_crm
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2010-0895

    Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.... Read more

    Affected Products : opensolaris
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293620 Results