Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-2978

    Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CV... Read more

    Affected Products : cognos_business_intelligence
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0222

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.... Read more

    Affected Products : enterprise_linux opensuse
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0266

    manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the ... Read more

    Affected Products : folsom essex
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-3043

    Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.... Read more

    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4274

    Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Adminis... Read more

    Affected Products : drupal password_policy
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0259

    Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.... Read more

    Affected Products : drupal boxes
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0245

    The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendl... Read more

    Affected Products : drupal
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6402

    base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.... Read more

    • Published: Jan. 05, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0059

    JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.... Read more

    • Published: Nov. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0225

    Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web scr... Read more

    Affected Products : drupal user_relationships
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0218

    The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and th... Read more

    • Published: Feb. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-3564

    Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.... Read more

    Affected Products : sun_glassfish_enterprise_server
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0450

    Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.... Read more

    Affected Products : firefox linux_kernel mac_os_x seamonkey
    • Published: Feb. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3866

    lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master serv... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-0367

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : debian_linux gzip
    • Published: Jul. 02, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0080

    rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.... Read more

    Affected Products : rsync linux
    • Published: Mar. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1394

    Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1397

    The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0555

    The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2960

    cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.... Read more

    Affected Products : debian_linux cfengine
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293631 Results