Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2015-2633

    Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-3750

    The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Nov. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-1837

    The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    Affected Products : ecryptfs_utils ecryptfs-utils
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0808

    as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.... Read more

    Affected Products : as31
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-4518

    ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.... Read more

    Affected Products : ibacm
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2020-29374

    An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore ... Read more

    • Published: Nov. 28, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2012-3504

    The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.... Read more

    Affected Products : crypto-utils
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2019-1348

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it ... Read more

    Affected Products : leap git
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2014-7206

    The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-5459

    The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache func... Read more

    Affected Products : php opensuse solaris evergreen
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-4417

    GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.... Read more

    Affected Products : glusterfs
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2023-51796

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.... Read more

    Affected Products : ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-4842

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary fil... Read more

    Affected Products : solaris portable_runtime_api
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2013-4426

    pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.... Read more

    Affected Products : pyxtrlock
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-1122

    bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privil... Read more

    Affected Products : mantisbt
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-1500

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unkn... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-6150

    The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access... Read more

    Affected Products : ubuntu_linux samba
    • Published: Dec. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4759

    PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parame... Read more

    Affected Products : punbb
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294354 Results