Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2020-35501

    A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2001-1409

    dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.... Read more

    Affected Products : linux xfree86_x_server
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4226

    MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permiss... Read more

    Affected Products : mysql mysql
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-0177

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.... Read more

    Affected Products : hub hub
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-5364

    Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configura... Read more

    Affected Products : enterprise_linux csi_agent
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-0005

    PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a cr... Read more

    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2006-4842

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary fil... Read more

    Affected Products : solaris portable_runtime_api
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2013-4956

    Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4426

    pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.... Read more

    Affected Products : pyxtrlock
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4763

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2011-3571

    Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was a... Read more

    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2002-0044

    GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.... Read more

    Affected Products : debian_linux linux enscript
    • Published: Jan. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-4846

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2002-1509

    A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.... Read more

    Affected Products : linux
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1395

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1519

    RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that adminis... Read more

    Affected Products : windows_2000
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0894

    OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.... Read more

    Affected Products : openmosixview
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2995

    bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.... Read more

    Affected Products : bacula
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293696 Results