Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2007-6208

    sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.... Read more

    Affected Products : claws_mail_tools
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2012-3738

    The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dia... Read more

    Affected Products : iphone_os
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3449

    Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.... Read more

    Affected Products : openvswitch
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2002-2038

    Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.... Read more

    Affected Products : next_generation_posix_threading
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-4420

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-6544

    Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-428... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2007-5936

    dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.... Read more

    Affected Products : tetex texlive_2007
    • Published: Nov. 13, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4625

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.... Read more

    Affected Products : php
    • Published: Sep. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-0007

    gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.... Read more

    Affected Products : gnucash
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2012-1120

    The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bu... Read more

    Affected Products : mantisbt
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-2451

    The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it ... Read more

    Affected Products : config-inifiles
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2009-0834

    The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass cert... Read more

    • Published: Mar. 06, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-1189

    The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an inc... Read more

    Affected Products : dbus
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2014-4372

    syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.... Read more

    Affected Products : iphone_os tvos
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-3355

    (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context di... Read more

    Affected Products : rhythmbox
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3165

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4270

    The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294353 Results