Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2023-51796

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.... Read more

    Affected Products : ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2010-1172

    DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Po... Read more

    Affected Products : dbus-glib
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-2451

    The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it ... Read more

    Affected Products : config-inifiles
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4625

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.... Read more

    Affected Products : php
    • Published: Sep. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2147

    resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. N... Read more

    Affected Products : resmgrd
    • Published: May. 02, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2703

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2002-1518

    mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.... Read more

    Affected Products : irix
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-0895

    Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.... Read more

    Affected Products : opensolaris
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2311

    Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0596

    FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.... Read more

    Affected Products : fdclone
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-1351

    Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.... Read more

    Affected Products : iphone_os
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-1257

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2007-2837

    The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.... Read more

    Affected Products : debian_linux fireflier
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2011-2322

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-2147

    Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly byp... Read more

    Affected Products : openswan
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2011-0804

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2002-1673

    The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such ... Read more

    Affected Products : webmin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2038

    Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.... Read more

    Affected Products : next_generation_posix_threading
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293643 Results