Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2007-2837

    The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.... Read more

    Affected Products : debian_linux fireflier
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2004-2311

    Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2020-3830

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.... Read more

    Affected Products : macos mac_os_x
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2012-3738

    The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dia... Read more

    Affected Products : iphone_os
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-2322

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-2147

    Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly byp... Read more

    Affected Products : openswan
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-0412

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2003-0018

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.... Read more

    Affected Products : linux_kernel linux
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-4434

    Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by ... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3449

    Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.... Read more

    Affected Products : openvswitch
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-1837

    The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    Affected Products : ecryptfs_utils ecryptfs-utils
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-1989

    telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-5364

    Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configura... Read more

    Affected Products : enterprise_linux csi_agent
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4956

    Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-0177

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.... Read more

    Affected Products : hub hub
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-4157

    Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.... Read more

    Affected Products : storage_server
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2008-0819

    Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : plutostatus_locator
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2008-0822

    Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : scribe
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293652 Results