Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-1999-1224

    IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password informati... Read more

    Affected Products : imapd
    • Published: Oct. 08, 1997
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-3164

    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.... Read more

    Affected Products : opensuse x_server xorg-server
    • Published: Jul. 01, 2015
    • Modified: Aug. 29, 2025

  • 3.6

    LOW
    CVE-2000-0472

    Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.... Read more

    Affected Products : inn
    • Published: Feb. 06, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-1300

    Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.... Read more

    Affected Products : unicos
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-2148

    The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary fil... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-1999-1366

    Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.... Read more

    Affected Products : pegasus_mail
    • Published: May. 15, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-0133

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a dif... Read more

    Affected Products : aix
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4842

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary fil... Read more

    Affected Products : solaris portable_runtime_api
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-4759

    PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parame... Read more

    Affected Products : punbb
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-5638

    The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.... Read more

    Affected Products : sanlock
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-1837

    The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    Affected Products : ecryptfs_utils ecryptfs-utils
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3225

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-2692

    MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary atta... Read more

    Affected Products : mantisbt
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3454

    eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.... Read more

    Affected Products : extplorer
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-1500

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unkn... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-1989

    telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-0964

    The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a lengt... Read more

    Affected Products : iphone_os tvos
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2023-45145

    Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, du... Read more

    Affected Products : fedora debian_linux redis
    • Published: Oct. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-1172

    DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Po... Read more

    Affected Products : dbus-glib
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294273 Results